The proposed data protection regulation from the European Commission, could have significant consequences for all Internet companies that trade in personal data, whether it is pictures that people post on social networks or what they buy on retail sites or look for on a search engine.
The regulation would compel Web sites to tell consumers why their data is being collected and retain it for only as long as necessary. If data is stolen, sites would have to notify regulators within 24 hours. It also offers consumers the right to transport their data from one service to another — to deactivate a Facebook account, for example, and take one’s trove of pictures and posts and contacts to Google Plus.
The proposed law strikes at the heart of some of the knottiest questions governing digital life and commerce: who owns personal data, what happens to it once it is posted online, and what the proper balance is between guarding privacy and leveraging that data to aim commercial or political advertising at ordinary people.
The proposed regulation is scheduled to be released today in Brussels. The European Parliament is expected to deliberate on the proposal in the coming months, and the law, if approved, would go into effect by 2014.
The regulation is not likely to directly affect American consumers. For American companies, its silver lining is that it offers one uniform law for all 27 countries in Europe. Currently each country, and sometimes, as in the case of Germany, each state, has separate laws about data protection.
Even so, many of the provisions are likely to be costly or cumbersome. And the proposed penalties could be as high as 2 percent of a company’s annual global revenue, according to a European diplomat who did not want to publicly discuss unreleased legislation.
Perhaps for historical or cultural reasons, Europeans tend to be more invested in issues of data privacy than Americans. Certainly, the proposed regulation is evidence that European politicians consider it to be a more urgent legislative issue than members of the United States Congress. Privacy bills have languished on Capitol Hill. Those that have been proposed, by Senator John Kerry and others, have none of the strict protections included in the draft European regulations.
For the most part, American companies have pushed for a system of self-regulation and regard European-style regulations as a hindrance to innovation.
Ronald Zink, chief operating officer for European affairs at Microsoft, pointed to the potential difficulty of obtaining explicit consent. He gave the example of Microsoft’s Xbox Kinect system, which stores body measurements so it can visually recognize repeat players. He worried that the proposed law would require players to provide consent every time they played a game, even if the information never left the game console, requiring more time and effort on the player’s part. “We have designed the product to be private,” Mr. Zink said. “We put a lot of thought into how this controls our work in terms of privacy by design.”
My guess is that GOOGLE will fight this legislation as it is more interested in selling advertising based upon an individual’s profile than in protecting privacy.
Thanks to SOMINI SENGUPTA and the New York times, and
Thanks for “listening”
Howard