Refocus the data debate around individuals

DISCLAIMER: All opinions in this column reflect the views of the author(s), not of EURACTIV.com PLC.

Facebook is starting a new coalition on tech companies use of personal data. [Johan Larsson/Flickr]

Europe’s new privacy rules give businesses a chance to innovate – and Facebook is starting a new coalition on personal data, writes Stephen Deadman.

Stephen Deadman is global deputy chief privacy officer at Facebook.

Every age has its defining debates. In our time, one of the biggest is around data – how it’s created and analysed, who it’s shared with, who gets to use it, and how it’s protected. There are a number of questions at the heart of this debate: How do we maximise the use of data for innovation, while preserving our fundamental freedoms, like the right to privacy? How do we ensure data can flow freely to enable seamless services to be delivered from anywhere around the world, but still ensure that data is protected? What about the people whose data it is – what’s their role?

Until now, the debate about personal data has been framed largely by its historical context. Remember where this debate started – with the dawn of computing. No one then understood how valuable data would become, how it would begin to transform every sector of our economy. Even more importantly, it was inconceivable that the people whose data is being processed might actually be able to exercise some control over it – or get value from it themselves.

As a result, many now think there is an unavoidable trade-off between two apparently opposing forces – the desire for innovation and growth, and the right to privacy and security. That if you want innovation and growth you must be prepared to sacrifice privacy, and that if you want data protection and privacy it will have to come at the expense of innovation and growth. Neither is true.

In fact, what we’ve now got is the worst of both worlds. Over the last fifteen years many of Europe’s storied carmakers, publishers, manufacturers, and services industries have seen themselves been overtaken by innovators from the West and East. Meanwhile, despite 20 years of data protection regulation intended to build trust in industry, consumer confidence and trust has fallen. And all the while, the debate has grown increasingly adversarial.

The sad and frustrating thing for me is that underneath it all there is strong common ground.

We all know data has huge potential. The next decade should see true disruption: Mobile apps to prevent diseases, algorithms to help millions of drivers get to work faster, or personalised learning systems building tailored curriculums for our children.

New EU privacy rules will create 28,000 jobs, says industry group

Privacy experts are about to become very in demand. Europe will need an estimated 28,000 specialists under the newly minted EU data protection regulation, according to industry group IAPP.

No one wants a trade-off between privacy and innovation. I can’t remember the last time I met a business leader who thinks riding roughshod over people’s fundamental rights is a good idea. Likewise, none of the many policy makers and regulators I’ve met over the years actually wants to stifle growth and innovation. We all want both.

Is there a way forward? A way to build on this common ground? I believe there is.

Twenty years ago, when the EU’s first data protection regulations were adopted, it may have been right to assume that it’s only organisations that control data. Smartphones and social media were still almost ten years away.

Since then, the world has changed. People now hold powerful technologies in their pockets. They use them to communicate, to share, to discover, to create – using data for their own purposes.

These tools and services are not the end of the journey. They’re just the beginning. Every piece of research into attitudes towards personal data tells the same story. Consumers want more control over their data. They want to get more value from their data and entrepreneurs are now rushing to give them both. Just look at digi.me, which is creating a user-controlled marketplace around personal data; YesProfile where users can lease fragments of their data to brands; or the QIY Foundation which helps people manage and keep track of their personal data online.

This is not about large multi-national corporations controlling technology in ways that turn people into passive ‘data subjects’. It’s about new services that help people take control of their own data and use it for their own purposes: to gain insights into their own behaviours, make better decisions, to improve their own lives.

This is a good thing. It should be encouraged – it proves that enhancing privacy and fostering growth go hand in hand. In fact, I’d go one step further. The supposed trade-off between innovation and privacy shouldn’t be seen as a battleground where there can only be winners or losers. Moving past this trade-off thinking is a major innovation opportunity (and challenge) in its own right.

First, it’s an opportunity to design new services, technologies and business models that create new value while also enhancing peoples’ privacy. Second, it’s an opportunity to implement data protection regulations in creative ways that positively engage users and truly deliver trust, transparency and user control.

We need to move forward.

Data protection regulators now recognise the potential of personal data entrepreneurship. Giovanni Butarelli, the European data protection supervisor, writes that, “individuals need to be offered new, innovative ways to be informed about what happens to their data, and to exercise control over their data.”

Andrus Ansip, the driving force behind the European Commission’s digital single market initiative, says the DSM aims to “bring more opportunities for citizens to exercise their rights as consumers, entrepreneurs and creators.”

Data protection watchdog: Privacy Shield is 'not robust enough'

The EU’s top privacy watchdog blasted the still pending Privacy Shield agreement yesterday (30 May), dealing a blow to the European Commission-brokered data transfer agreement with the United States.

We agree. This is a powerful way to ensure that the voices of individuals are heard in the personal data debate. But we also recognise that no individual company can achieve it in isolation. It needs the active support of all, from the biggest corporates to the smallest start-ups, from ‘top-down’ policy making and regulation to ‘bottom up’ involvement of citizens and consumers.

That is why we are launching a broader collaboration, based on the insights from our work over the past 12 months. This collaboration is less about words and more about actions – actions designed to foster design-led innovation to build trust, transparency and control, to support Europe’s new startups seeking to empower people to get value from their own data, and to stimulate greater industry leadership on more sustainable models for personal data.

Europe has just adopted a new framework for data protection. But this is just the start – the success or failure of the GDPR is ultimately in the hands of regulators and industry. If the intention is to enable Europe to capitalise on its enormous creative talents, we need to find ways to harness that creativity to deliver the things and experiences that people want – including the way people’s data is controlled or protected.

That creativity will largely need to come from industry – and our plea to policy makers and regulators is to give industry the space to act and innovate in this direction. We will need to adopt a new collaborative approach: If we’re going to build people’s trust in European industry and regulation, we need to start by building trust between industry and regulators.

Parliament approves privacy rules after record number of amendments

MEPs approved new EU privacy rules today (14 April), including a regulation on consumer privacy that drew the aggressive ire of lobbyists during its four-year run through negotiations in the European Parliament.