Reforming Europe’s data protection laws: where are we now?
Over the last few weeks there has been a lot of media coverage and commentary about proposed data protection reform in Europe. Much of this has been about the issues of ‘state surveillance’ which – while important - has clouded the potential impact of the reforms upon the commercial use of data, including within the digital advertising sector.
The IAB's Nick Stringer
The reform’s aims
Back in January 2012, the European Commission published proposals to reform data protection law across Europe, currently a patchwork of national laws dating back to the pre-internet era of 1995. The aims of the reform are to streamline the law across Europe, and to update it to take into account today’s digital world and the increased collection, exchange and use of data. These aims are laudable: a pan-European legal framework for businesses operating across multiple territories seeking to break down barriers to growth, and strong safeguards and redress for consumers wherever they live and work. The proposals therefore have the potential to be the most important policy achievement of the digital era to date.
The impact
However, the European Commission’s proposals pose a significant threat to the viability of data-driven digital advertising and its role in helping to pay for online content, services and applications that European citizens can enjoy for little or no cost. Hardest hit will be small businesses and ‘start ups’, relying on ad revenue to ‘scale up’ and compete with more established players.
Ecommerce and therefore the UK’s digital economy, the world’s leading internet economy according to a report by the Boston Consulting Group, will suffer. In the end it is the average person, now spending one in 12 waking minutes online in the UK, that will be deprived of quality content and entertainment and competitive offers helping to save money. Why? In a nutshell, the European Commission’s proposals take a blanket approach to regulating data regardless of what it is used for, its sensitivity and whether it actually identifies a person or not. Coupled with a requirement to obtain explicit consent for its processing, it would render many ad businesses unworkable, as well as requiring consumers to go through numerous hoops to reach the service or content that they wish to access.
The result would be a more ‘logged in’ digital environment, reducing the business incentive to invest or build in security or privacy measures and without necessarily affording additional safeguards for consumers. The IAB believes – as others do – that safeguarding citizen privacy and an ad-funded internet, boosting economic growth and innovation, can be achieved in tandem, and not at the expense of one or the other.
You can read the IAB’s fact sheet to find out more about the proposals and their potential impact.
The European Parliament’s position
In order for the proposals to be finalised into law, the European Commission, the European Parliament (made up of elected MEPs) and all the national governments must agree. At the end of October the leading European Parliament Committee reviewing the proposals voted on some amendments to the European Commission’s text.
While the committee introduced amendments that may add some much needed granularity into the proposals, for example by introducing the concept of ‘pseudonymous data’ recognising that a significant amount of data used in digital advertising does not identify an individual, the new text – as currently drafted - would still have a negative impact upon many data-driven digital businesses. It does not yet meet the ‘balance and proportionality’ test. But there’s no doubt that the European Parliament’s work moves us closer towards a new law and the UK Information Commissioner’s Office (ICO) wrote that it “could prove one giant leap for data protection.”
Agreeing the final version
The focus now shifts to the national governments. They (via a body called the Council of Ministers) have yet to reach a clear position but want to see a more risk-based approach. Some within the European Commission and within the European Parliament seek to finalise the reform by mid-2014 to meet political deadlines (ie elections). However, the national governments appear to favour ‘quality’ over ‘speed’. Recognising the potential impact upon businesses, the UK Government is taking a robust line. Whatever, it continues to be one of the most hotly debated topics in Brussels (and beyond) with much at stake. There is still much work to do by all involved parties to agree a text that reflects the aforementioned balance.
It’s important that organisations follow the debate and developments, as well as working with trade body representatives to help inform the debate – both at UK and EU level – as it begins to reach its conclusion. What is very clear is that the digital advertising sector needs to step up its efforts to provide consumers with greater transparency about data collection and use, as well as offering consumer control. Where relevant, businesses should be involved, implementing and complying with the EU self-regulatory initiative to do this. The sector needs to show it can police itself, using innovative tools and approaches that are fit for the fast-moving digital world. Securing trust – particularly with consumers – can ensure that we have the freedom to grow our businesses in the future.
Nick Stringer is director of regulatory affairs at IAB UK