The EU is currently seeking to replace its nearly two decade old policy on data protection for the Internet, social networking and smartphone age. Its proposed reforms seek to deliver better data protection, legal certainty and trust, with the aim of enhancing the EU’s competitiveness. Kristina Irion and Giacomo Luchetta discuss their new report on Online Personal Data Processing and EU Data Protection Reform, arguing that the reforms may fail due to the real risks of the politicisation of data protection, the still fragmented nature of regulations on electronic privacy, and a lack of innovative elements in the proposals.
Data protection policy has developed from being a niche regulatory subject into a mainstream concern for policymakers, individuals and businesses. The issue’s salience today can be explained by the role that is envisaged for personal data in the emerging information-rich economy. The Boston Consulting Group has estimated that the volume of global data transactions is increasing annually by 45 per cent and in the near future 8 per cent of the EU’s GDP will be directly attributable to extracting value from information. When personal data is a most valuable commercial asset on which many online businesses thrive, companies’ stakes in any regulation that would restrict their ability to use personal data as they see fit are understandably very high.
As online technologies develop, connected mobile devices proliferate and the use of social media grows exponentially, users appear to divulge information about themselves and to accept a company’s terms and conditions with a quick click of the mouse. But it is not just carelessness that makes users surrender their privacy but the fact that consumers are often not empowered vis-à-vis online companies. Numerous studies have shown little consumer confidence in the way many online companies make use of personal data and resignation about users’ effective ability to control their personal data.
Since the 1990s a distinct European approach to data protection has developed which is firmly embedded in a constitutional recognition of the right to privacy. Moreover, the “right to the protection of personal data” has evolved to become a modern fundamental right in the EU. In the face of ongoing transformations that have been spurred on by Information and Communications Technology, we may not yet fully comprehend the importance of these rights for individuals and our democratic culture even in a commercial context. Certainly, data protection should be enabling for modern business models, including those that require sophisticated analytical techniques, as long as this is in the interest of consumers and their ability to influence if and how their personal data is used is respected.