It has long been clear that member countries of the European Union would act aggressively where social platforms were found to be intruding on individual privacy. Arguably, they've shown more mettle than the States, although the FTC recently flexed its muscles in a settlement imposed on Facebook.
The key provision of that settlement, in my view, required Facebook to obtain "affirmative, express consent," in advance, for any changes to its privacy policy. The FTC will be monitoring compliance for the next 20 years. Tough?
Not compared with what the EU has in store for the Internet, judging by the draft directive released this week, especially the threatened penalties for infringements. The directive, which would rewrite the Data Protection Directive of 1995, requires the approval of the member counties, which would then need to pass it into law. What it contemplates, however, must be sending chills down some social media spines.
Here are the main measures:
Consumers must be told when and why their data is being collected.
There would be time limits on retention of data.
Regulators would need to be notified of data theft within 24 hours.
Companies with more than 250 employees would be required to appoint a data protection officer.
Consumers would have the right to transfer their information from one Web platform to another platform.
Consumers would also have the right to compel companies to erase their data.
The fines that would be imposed in the event of infringement are meant to hurt -- up to 2 percent of annual turnover, which, in the case of giants like Google and Amazon, could run to hundreds of millions of dollars.
The impetus toward more openness about data collection practices mirrors the developing attitude toward Internet privacy in the States, as reflected by the FTC's dealings with Facebook. What is novel about the European approach is the apparent presumption that users continue to own their personal data, even after it has been posted. The concept of a Facebook user being able to pack posts, photos, and videos and transfer them to Google+ ought to give Mark Zuckerberg cold sweats.
Even though imposing a single standard for data management across the European market should in some respects simplify compliance, some are already protesting that the directive would create an unnecessary burden on the enterprise. Thomas Boue of the Business Software Alliance, for example:
The risk in the proposal's current design is that it will bog down companies with onerous compliance obligations, which could inhibit digital innovation at the expense of job creation and growth.
Passing the directive is not going to be a slam dunk. The Internet giants, perhaps buoyed by their success against SOPA/PIPA, are not going to come quietly. Microsoft and Google are arguing that the proposals are unworkable as drafted, and the UK has yet to get on board with the process.
In a statement, the UK's Information Commissioner's Office welcomed many elements of the proposal but warned that "in a number of areas the proposal is unnecessarily and unhelpfully over prescriptive," failing "to properly recognise the reality of international transfers of personal data in today's globalised world."
It would surely be a miracle if lawmakers were to draft an Internet proposal that made complete technical sense the first time around, but if Google, Facebook, and the rest of the crowd think that consumers -- especially Europeans -- are going to believe that this one will "break the Internet," they should wake up and smell the cafe.
I think the lobbyists behind SOPA/PIPA knew what they were mandating, but it was depressing to see supposedly tech-savvy lawmakers, like Chuck Schumer, suddenly reverse themselves during the day of action. "Oh, it's going to do that? Well, I'm against it then."
There are some things they enforce what one would expect is just common sense in today's market (such as transparency)
I think transparency is elusive in most service contracts we sign, either a monthly mobile phone plan, or broadband subscription. If there was transparency, then VOIP blocking and P2P throttling wouldn't sneak into our data plans, they would be announced loud and clear in advance!
try to mandate without having any idea of exactly what they're asking in a way that makes them look woefully ignorant of the technology they're trying to regulate.
That's an issue with most legislators. Though I should point that SOPA/PIPA proponents were at first called "clueless" on Internet technologies, but as it turned out in the process, they knew exactly what they were mandating and its implications.
I would agree that over-regulation is harmful and would hinder innovation.
Me too, although I have a real love-hate relationship with the EU. There are some things they enforce what one would expect is just common sense in today's market (such as transparency) but other things they try to mandate without having any idea of exactly what they're asking in a way that makes them look woefully ignorant of the technology they're trying to regulate.
At what point do consumers have to take responsibility for their own actions? At what point does activity change from "You should have known better" to "We need to be protected from this"?
I'm not sure if the EU really knows the answer, but I have a hard time arguing against more transparency.
Well said slfisher, some things need to stay simple. But, if you ask Google, Amazon, and others, about how they have build their state-of-the-art data-mining algorithms, tools and platform, then "simplicity" is a lost cause. Implementing privacy rules (or any kind of rule) will definitely bear costs for industry and affect existing business models. I think it's a valid cause to intervene with those business plans that don't respect users. Still defining such statements in technical terms is not simple!
I would agree that over-regulation is harmful and would hinder innovation. I think your statement bring the right questions to the front:
Of course, there are plenty of sites that are abusing their power and abusing the practice of collecting and sharing data.
So do we accept that these abuses are OK for some sites, or do we want something to protect users from such practises?
I think this is the question the new rules try to answer. And something about "self-regulation" :) I don't think "self-regulation" is an antidote to greed. If there is fear for a considerable fine in place, then you have a detterent.
with security systems that are so arduous and complicated that nobody can comply with them. A security system that is too hard is going to end up being ignored, and that's worse than nothing.
I don't know. I think it is a bit much to be expected to tell users each and every time their data is being used for something; and it is a bit much for users to receive that kind of information. Signing up for a "free" service, one uses his/her information as payment. I don't think sites need to ask permission each and every time they use that info. Of course, there are plenty of sites that are abusing their power and abusing the practice of collecting and sharing data. That needs to be controlled, but this sort of proposal takes it too far, I think.
The second question is a very good one. You might indeed have trouble claiming your rights if you've been posting anonymously.
As to your first point, I won't pretend I've analysed the massive amounts of material released by the EU line by line, but this is the kind of language you'll find:
In particular, data subjects should have the right that their personal data are erased and no longer processed, where the data are no longer necessary in relation to the purposes for which the data are collected or otherwise processed, where data subjects have withdrawn their consent for processing or where they object to the processing of personal data concerning them or where the processing of their personal data otherwise does not comply with this Regulation.
Here's a page of resources from the Commission itself.
• There would be time limits on retention of data.
I'm not sure what the specific limits would be, but if it applied to all data, then this would essentially put an expiration date on large portions of info on the web...
Do these privacy requirements apply to services that allow anonymous users? if you create a "fake name" for Facebook... what services do these privacy laws apply to -- any service that requires a registration?
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
Catch up on the week with one simple serving of Friday File. We've pieced together 10 interesting news bites you may have missed and put them together in bite-size morsels.
I've been excited by a few technology announcements, and bored by many, but Google's I/O announcement this week is the first where I found myself getting choked up and teary.
What's the prognosis for telehealth? Medical professionals have technologies they need; some state legislatures are enacting supportive laws, and both employers and employees tout the benefits. Yet other states have let proposals wither, insurers aren't sure how to charge for services, and physicians worry about liability and patient care.
The UK’s Information Commissioner's Office has reopened its investigation into Google after the company admitted to taking more than just pictures with its Street View car, but some of the responsibility should fall on the people.
Google's problems in Korea and the leaked internal document on exploiting private data show that, if we want to avoid active regulation, we need more explicit disclosure of what companies do and don’t do with what they collect.
In the final episode of this series about the death of Internet anonymity, Saunders describes how the Internet of the future will start to attain a level of intelligence that requires no human intervention. Scary.
What can users today do to protect their online privacy? The simplest and most obvious option is to not use the Internet – at all. However, once all digital information is consolidated over the Internet, trying to protect digital identity by simply unplugging from the Internet becomes impossible – a fact that has manifest implications for civil liberties, Saunders says.
By 2011 the number of Internet-connected sensors will exceed 1 trillion, making your chances of doing anything or going anywhere unnoticed pretty much zero. Saunders talks about how the 'sensortization' of the Internet is eliminating the traditional divide between online and offline populations.
The 20th Century Internet was characterized by the ability to interact with other people and information on the Internet largely without anyone knowing who you were. The Internet of this century, conversely, will be defined by identity. Saunders explains how Internet users are unwittingly contributing to the demise of the anonymous Internet.
The plan for unmanned police drones to patrol traffic and other city conditions in Seattle has sparked a new set of legal concerns about privacy. Law traditionally lags technology, but we can expect now to see a new round of activity in the courts as legal definitions begin to emerge on what "next-gen privacy" will look like.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The automotive website uses propensity modeling to target ads and customer registration forms, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
Subsidized handsets, rather than locked handsets, should be the focus of regulators. We're not getting good deals, not fostering innovation, and weakening our power as buyers.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
Email This
