Regulating Data Protection: the Future of the EU

European UnionMonday saw some interesting announcements from the European Union (EU). The topic was the security of online data, not just from hackers but also from questionable use by the companies hosting it. To that end, major changes and updates are being suggested for the now 16-year-old Data Protection Directive.

Stephanie Bodoni brings us an official statement in her recent piece for Bloomberg Businessweek:

Data-protection authorities in the European Union must have greater powers to better enforce privacy rules across the 27-nation region, the EU’s justice commissioner said.

‘The authorities responsible for data protection must be provided with sufficient powers to enforce the law and they must have sufficient resources to exercise their powers,’ Viviane Reding said in prepared remarks of a speech in Brussels today. ‘We need legal certainty and a level-playing field for all businesses that handle personal data of our citizens.’

To create that level-playing field, Reding proposes that both consumers and corporate entities need a “one-stop shop” — legally speaking — one law and a single legal authority based on which member state the company’s main offices are located. Under the current laws, which have not been updated since the Internet’s infancy in 1995, companies have to abide by 27 different interpretations of EU’s privacy strictures.

Bodoni writes,

‘The administrative burden associated with this fragmentation costs businesses an estimated 2.3 billion euros ($3.08 billion) per year,’ said Reding.

Reding cites the need to make the EU companies more competitive when questioned about why she is suggesting this during a period of economic chaos. It does make a valid economic case to go along with the personal privacy concerns, concerns that are uppermost in Reding’s mind, it would seem.

Eric Pfanner of The New York Times reports:

During a separate speech, Ms. Reding said Tuesday that she wanted to give users of social networks and other Web services greater control by, for example, letting them delete personal data or move it to other sites more easily. Companies like Facebook have generally resisted such proposals, fearing this could undermine the development of services like targeted advertising, which relies on the mining of consumer data.

Facebook must be looking askance at this. It has consistently battled over control of user data. Ask anyone who has ever tried to completely delete a Facebook account.

As a matter of fact, the FTC has recently ruled that Facebook will be subject to independent audits over the next 20 years due to concerns over its handling of user data. Over the past several years, Facebook has built up an impressive list of privacy failures. Sharing user information with advertisers despite statements to the contrary. Failing to ensure data security in its apps despite flaunting its “Verified apps program.” Allowing third-party apps to access “Friends only” information. And, of course, the Beacon.

Zuckerberg and crew might benefit from only having to obey one set of rules, but those rules look to be more stringent than the current patchwork system. This will not work to their advantage. Since Facebook’s record on privacy issues is horrible, the FTC settlement and the new rules in the EU could prove to be a major one-two punch to the foremost social network. It remains to be seen how it will weather it.

Companies violating the new EU law could well be facing sanctions, criminal penalties, and the possibility of lawsuits filed by consumer groups. The proposal not only covers the EU-wide rules but also investing the data-protection officials with the power to enforce them. (Under the current hodge-podge of laws, officials in some countries have no authority beyond making recommendations.)

It does make one wonder if we will see the same harmonization eventually take place on a global level, and if so, what effect it might have.

Source: “Privacy Watchdogs Need Greater Powers, EU’s Justice Chief Says,” Bloomberg Businessweek, 11/28/11
Source: “A Proposal for E.U.-Wide Data Protection Regulation,” The New York Times, 11/29/11
Image: European Union Logo, used under Fair Use: Reporting.

About George Williams

George “Loki” Williams is the community and brand manager for award wining game company Savage Mojo, Ltd. and the owner of SocialGumbo, LLC, an online consultancy specializing in Web content and online communications. Loki has produced content for clients including the Open Society Institute, National Association of Broadcasters, Kobold Press, and Kaiser Permanente. His work has been seen or written about in The New York Times, The BBC, Air America, The Gambit Weekly, and NOLA.com, among others.

  

Leave a Comment

LEAVE A COMMENT