The revival of the draft EU data protection legislation following yesterday’s vote in the European Parliament has triggered a fresh warning to direct marketing companies over the future of opt-in consumer data.
Despite constant reassurances that there will be no change in the current way DM firms gain and manage consent – for existing and new data – some experts believe there are plenty of potential pitfalls ahead.
Ovum’s telecoms regulation analyst Luca Schiavoni said: “The landslide votes in favour for each amendment, both for the Regulation and for the Directive, suggests that the Parliament is orientated toward a consumer-protective legislation, and that advocating against the draft rules will be even harder after this stage.”
However, Schiavoni maintains many concerns remain as to the viability of these rules in practice. He added: “The definition of what ‘personal data’ may now be ‘future-proof’ as the rapporteur, MEP Jan Albrecht, argued; nonetheless, it is still very vague, which may open up a loophole in the legislation.”
Working out in detail how to ensure that a user gives ‘explicit and informed consent’ to personal data processing also remains a challenge, he believes, this is likely to turn into an extenuating box-ticking exercise for end users of online services and apps, and is likely to be burdensome for Internet companies to implement.
“The amendments voted yesterday also include tighter rules for the transfer of personal data to non-EU countries upon request from a public authority, which should now be possible only on the grounds of EU law or treaties between countries. This seems to be a reaction to recent headline-making stories such as the Prism scandal, and, if passed in this form, may strongly limit US companies’ ability to transfer European users’ data to the US.
“The significant hike in fines for breaching the rules will also be a cause for Internet companies’ concern. The set of fines seems to have been devised with some internet giants in mind, but it looks disproportionate for smaller companies. Clear regulation will be necessary to ensure that small start-ups can easily comply with it, without running the risk to be hardly hit for not complying with rules that appear difficult to implement.”
Meanwhile, Advertising Association director of communications Ian Barber said: “[The] vote was disappointing, but not unexpected, and thankfully not the end of the process. The Committee’s amendments risk cutting-off advertising revenues for online businesses, stifling UK leadership in the digital economy, and critically, they will make the Internet harder work and less accessible for users.
“We want to see Member States take a more proportionate approach – updating the rules in a way that works for 21st century business, as well as people.”
But German Green MEP Jan Philipp Albrecht, who was the lead parliamentary negotiator on the legislation, claimed Google and other online firms had anything to fear from the new legislation. He said: “They will be able to do their business as they do today. But if they retain data for longer than is necessary, or if they don’t inform consumers about how their data is being used, they will be in violation of the rules. If Google just tries to involve consumers in the process and doesn’t hide its intentions or the extent to which personal data are involved, then it will be okay.”
New EU data laws ‘back on track’
EU chief battles to save data laws
EU plots ‘light’ version of data laws
Personal data to be worth €1trillion
Future of EU laws ‘clear as mud’
‘Safe harbour’ faxes axe in review
Merkel fury could hit EU data fight
Prism-gate row: now Sorrell wades in
EU chiefs calm fears over opt-in
Prism-gate may scupper EU data war
Prism row engulfs marketing data
New delay fuels EU data warning