Analysts say the proposal for internet users to delete their online data and become invisible online could create a black hole in the web economy. Tineka Smith reports.
Last year the European Commission announced proposals for the 'right to be forgotten' among internet users. When the new law comes into effect companies will be forced to delete users' data when they request it. These new changes are aimed at tech companies such as Facebook and Google who use data for monetisation reasons. Organisations will have to explicitly ask users for their permission to process their personal data rather than just automatically store it. The change will directly affect firms that
use data including marketing, Big Data and financial services.
Some data experts say the move will be disastrous for the web economy and will cause industries that operate on data to suffer, while many also fear it will make Europe less competitive against technology powerhouses such as the US.
However, others say the proposal has its benefits and that businesses simply need to adapt and focus their efforts on
making consumers more comfortable with sharing their data.
"Industries that deal with data would not plummet, but they would have to change," says Nick Brown, managing director of identity management specialists GB Group. "Facebook, Google and other companies that manage vast amounts of data will need
to take more responsibility if this legislation is enacted, and the process will not be a simple one. The ability to navigate through challenges like this is the challenge that all successful businesses face if they are to endure."
EU Justice Commissioner Viviane Reding is actively pushing for companies to allow users to delete any data being held by
websites and to be more transparent about the data collected on consumers and their reasons for gathering it.
"Citizens do not always feel in full control of their personal data," says Reding. "My proposals will help build trust in online services because people will be better informed about their rights and in more control of their information."
Reding says the proposal aims to increase "responsibility and accountability" for companies processing personal data. Companies with more than 250 staff will be required to appoint a data protection officer, and the rules will affect any business dealing with data that operates within the EU market and offers services to EU citizens. The likes of Google and Facebook are aggressively lobbying the European Parliament about the Commission's proposal, saying it could add administrative burdens and fines. However, Reding says the EU will fight any petitions or companies that push for exemption or the law to be less strict.
"Any company operating in the EU market or any online product that is targeted at EU consumers must comply with EU rules," Reding insists. "Exempting non-EU companies from our data protection regulation is not on the table. It would mean applying double standards. "Data protection is a fundamental right in Europe, which is clearly enshrined in the Charter of Fundamental Rights. While this may not be the case in other parts of the world, one thing is clear: if companies want to tap into the European market they have to apply European standards. Increasingly, it seems, citizens the world over want to protect themselves."
According to technology analysts Ovum, more people are looking for tools that help them remain untraceable online, with the firm's recent Consumer Insights Survey revealing that 68% of consumers across 11 countries globally would select the 'do not track' feature if given the choice. This is off the back of privacy scandals and issues over data use policies involving Facebook and Google, which have increased consumer concerns about their personal data to the extent that Ovum's study also found that only 14% of consumers believe that internet companies are truthful about their use of consumers' personal data.
Meanwhile, research by LogRhythm, a security information and event management IT platform, reveals that 80% of the UK public do not trust organisations to keep their data safe, with social networks seen as the least trustworthy.
"Unfortunately, in the gold rush that is Big Data, taking the supply of 'little data' - personal data - for granted seems to be an accident waiting to happen," says Mark Little, principal analyst at Ovum.
"However, consumers are being empowered with new tools and services to monitor, control and secure their personal data as never before, and it seems they increasingly have the motivation to use them."
Yet some claim that the proposal is creating a threatening scenario for the internet economy, and that stricter regulation could strangle personal data supply, having a significant impact on targeted advertising, CRM, data storage, Big Data analysis and other related industries. Nick Halstead, CTO of social data company Data Sift, says that some industries in its sector are still growing and the proposal would prevent them from fulfilling their potential.
"This [proposal] is potentially damaging- especially when the market for Big Data is not even at its peak yet," says Halstead. "There are billions being spent in this market and it could cripple Europe's ability to be competitive. We have huge amounts of data stored that deal with the historical information of users. "It really does depend on how it's implemented and the level of making people anonymous after a period of time. In the end, however, it will mean less companies starting up in Europe because of it and it will mean less investment in Europe. Everyone will just move their businesses to the US."
Colin Tankard, managing director of data security company Digital Pathways, says the social media, search engine and comparison site companies will be hit the hardest. But he believes that these types of businesses are the reason the law is being proposed.
"Companies like Google would see a drop in their revenues, as a significant part of their business is built on advertising and their ability to target end-users by their browsing history," says Tankard. "Social media would also have the same issue as they also are using the information they build on people to generate advertising or market research revenues.
"The companies within social media and the search engine or price comparison sites will be massively compromised by this law, but they are the ones who have brought this about as their use of tracking cookies, IP harvesting and mobile phone number recording has led to the significant increase in email, SMS spam, phishing and Trojan infestation."
Some experts point out that there are already data protection laws to protect users, but many internet users enter into privacy agreements without reading them.
"There are already laws in place, so what we are really talking about here is social media data, which if anyone has used the sites will know, anything you make public can become public eventually," says Chris Mathews, CTO at SysMech, which provides solutions for real-time network, service and performance management systems. Mathews, though, says while the proposed law is doable, monitoring data could be difficult and costly.
"It would be feasible in the long run, but existing data stores would be a problem and policing it would be a huge issue - cost and resources wise," says Mathews. "There will need to be a buy-in from the organisations concerned and as a consequence the proposals must be well thought out so there is an operational framework that is viable and enforceable."
Change perceptions
Ovum says that it will be a challenge for internet companies to change consumer perceptions about how their data is being used. The analyst firm suggests companies introduce new privacy tools and campaigns to show consumers that they can be trusted, while improving the transparency of data collection will also help to build trust.
"Internet companies need a new set of messages to change consumers' attitudes. These messages must be based on positive direct relationships, engagement with consumers, and the provision of genuine and trustworthy privacy controls," says Ovum's Little.
"Most importantly, data controllers need a better feel for the approaching disruption to their supply lines, and must invest in tools that help them understand the profile of today's negatively minded users - tomorrow's invisible consumers."
"This new law is exactly what the public needs in order to restore consumer confidence in cyber security, which has clearly eroded across all industry sectors over the past couple of years," says Ross Brewer, vice-president of international markets at LogRhythm.
"There is an urgent need for organisations to reassure consumers they are capable of safeguarding networks, and the public is increasingly demanding mandatory disclosure of any incidents in which data has been compromised."
Yet there those that insist that the regulation will do the opposite of making consumers feel safe online.
"Overall, this section of the regulation risks failing to achieve what it sets out to do by damaging consumer trust and increasing the complexity and volume of data processing," argues Dennis Dayman, chief privacy and security officer at Eloqua.
Meanwhile others believe that if building consumer trust is the main goal of the legislation, then there may be an alternative way forward.
"Ultimately, trust is the central issue of the overall purpose of the legislation. The EU is seeking to instil trust through the legislation," says GB Group's Brown. "Perhaps the best way to achieve trust is for businesses to operate freely on the basis that if they abuse their responsibility, then they will be held accountable and ultimately lose the customers on which they depend.