EU technocrats tend to move slowly but when they do rouse themselves they do so with the practised deadliness of a heavyweight boxer. Or at least they have in the case of new data privacy laws.
Yesterday afternoon (Wednesday) EU Commissioner Viviane Reding unveiled a ‘draft’ bill that states every European citizen has a fundamental right to protect their personal data. This extends to removing all of their data from a website – including those dodgy photographs, or in other words they have the ‘right to be forgotten.’
On the surface it may feel like an ‘eye-rolling, large yawn’ announcement but it has big implications especially for companies like Facebook, Google et al. There’s been a lot of friction recently about how these online behemoths hoover up personal data, don’t tell you, and then use it for commercial gain.
The bill is going to offer some much-needed protection to the swelling mass of ‘yoof,’ some of whom have naive tendencies to put all their thoughts and photos online. This is often regretted at some point further down the line.
A case in point is the recent Facebook ‘Timeline’ feature. It allows a user to showcase photos that can roll back months or years. It could be interesting and fun but it could also be embarrassing and awkward. A user could have photos that they’d rather not display to the world. Facebook is giving Timeline users a seven day window to remove pictures they don’t want to display – and then that’s it. But what if today’s acceptable picture turns out to be tomorrow’s cringe-inducing image? Tough. You’d be stuck with it on your profile.
To put some shoulder into the punch Reding said that those companies found guilty of breaching privacy could be fined two percent of global turnover. Two percent? Doesn’t sound like much but let’s put this in context. For an organisation like Facebook that could be about £85 million.
And staying with Facebook for a second, consider the implications for listed companies. Rumours have been swirling for some time that the social network giant is set to launch an IPO. If it does, and if it were to consistently breach the proposed privacy laws, it could be faced with a lot of furious toe-tapping investors.
The aim of the draft is to halt the endless collection and collation of user data for financial gain and to ensure that if someone has naively committed something to an online site they have the right to have it rubbed out, as long as there are no legitimate grounds for retaining the data.
At the same time, the bill requires companies to notify the relevant national authorities of serious data breaches within 24 hours or as soon as possible. This should ensure we don’t see a repeat of the Sony PlayStation hack, in which customer credit card details were stolen while the company dragged its feet for days before declaring the extent of the hack.
While many companies are likely to bemoan the bill, it’s actually urgently necessary in order to redress the balance. Some power needs to be handed back to the people who have made these services such a success, that is, you and me. There’s only one drawback – it’s likely to be two years before it’s enacted.

I think it’s about time. The current data protection laws date back to 1995 when less than one percent of Europeans used the Internet (according to the European Commission). The technological advancements that we have seen since then, such as online activity in general, social networking, self-made videos we publish on YouTube, data that is stored in the cloud, GPS-enabled phones etc., actually require the law to be overhauled. Even the law has to go with the pace of time.
I agree, Peggy. With breaches like the O2 incident revealed yesterday, there must be legislation to protect consumers.