Internet firms warn about EU’s data privacy proposals

Cybersecurity data protection.JPG

This article is part of our special report Data protection.

The European Commission's intentions to force Internet social networks to seek consent from users every time they log on to websites will damage e-business and set Europe's digital innovation strategy back, says the largest consortium of on-line industry in Europe.

The reaction came following a speech last week by the Commissioner for justice and fundamental rights Viviane Reding about online privacy. 

Reding indicated firmly that she would ask all websites, including social networking sites like Facebook, to seek explicit consent from their European users before preserving their IP addresses.

Speaking last week (28 November) to a conference on data protection staged by the US Chamber of Commerce, Reding described in detail the type of reforms that she would seek in an overhaul of the 1995 Data Protection Directive which she will unveil early next year.

Fragmented approach costs EU €2.3 billion each year

The commissioner said that the reforms would seek to unify the data protection regimes across the EU as currently each member state applies varying rules to data protection. A fragmented approach was costing the EU €2.3 billion each year in lost business, she claimed.

“Individuals should be well informed about privacy policies and their consent needs to be specific and given explicitly,” Reding told the meeting.

Industry broadly welcomes the attempt to create a unified data protection regime, but is nervous about the proposal to seek such explicit consent from Internet users.

In practice this might entail 'consent boxes' being used every time an IP address of individual users was transferred to a web site offering goods and services, which industry believes could create on-line jams and deter consumers from using web sites.

Reding set to follow Parliament’s lead

The Commission has come under pressure from the European Parliament to propose strict consent criteria from Internet users. In July, the centre-right European People’s Party (EPP), the largest in Parliament, issued a report which said: “The information which social networks provide to users about purposes and different ways in which personal data is processed  must be easily accessible, visible  and understandable for the user.”

“Most of our members are very, very concerned about this over-expansion of a balanced regime,” Kimon Zorbas, the vice presdinet of IAB Europe, the largest the trade association of the European digital and interactive marketing industry, told EURACTIV.

He said that such an "explicit consent" clause would have a freezing effect on the European digital market.

Positions

“We share the view that clarification of the concept of consent is needed but changes in the current consent rules need to be carefully considered. Indeed, we have seen that the specific consent rules that were introduced e.g. to limit spam have resulted in increased complexity for businesses but failed to adequately limit spam,” according to a statement by IAB  Europe.

“A valid and meaningful form of consent should depend on the context in which it is given,” the statement concluded.

Background

Existing European Union rules on data protection were adopted in 1995, when the full potential of the Internet had not yet been realised. According to the EU, in 1993 the Internet carried only 1% of all electronic information, while by 2007 the figure was more than 97%.

While the growing number of tailored products and services offers increased benefits for consumers, it also relies enormously on the use of personal data.

Private information can range from financial data, such as credit card numbers or bank account deposit details, to sensitive information concerning health conditions or sexual and political orientation.

The possibilities for misusing or abusing this information are infinite. The Commission has already flagged several ideas on how to improve data protection, through increased awareness of the data used and possible breaches of personal information; introduction of the right to be forgotten; clearer methods to require authorisation from data holders to deal with their personal information.

Timeline

  • End of January 2012: Commission scheduled to publish review of Data Protection Directive.

Further Reading

Subscribe to our newsletters

Subscribe