Wednesday, 5 August 2015

Consumer data protection and the need for alternative new responses

Speaking at the International Symposium on Rule of Law and Consumer Data Protection in Beijing last week, CI’s Director General Amanda Long outlined why data is fast becoming a defining consumer issue for the 21st Century, and the need to identify effective responses that ensure consumers benefit from this data-driven innovation.


The Internet and the innovations it has given rise to, have delivered unprecedented benefits for billions of consumers. 

Data is the commodity that is powering much of this innovation and the digital economy more widely. Handing over personal data is now as key to facilitating an online transaction as handing over money.

While enjoying the benefits, consumers are expressing increasing unease over how personal data is being used.  

The latest European Commission research with consumers reveals that:
  • 67% are concerned about not having complete control over the information they provide online;
  • 71% feel that providing personal information is an increasing part of modern life and accept there is no alternative to providing it if they want to obtain products and services.

New research from the University of Pennsylvania finds that:
"Rather than feeling able to make choices, Americans believe it is futile to manage what companies can learn about them…..More than half do not want to lose control over their information but also believe this loss of control has already happened."

Concerns expressed by consumer advocates are reflecting these sentiments. In our recent Global Consumer Protection Survey, CI Members expressed concerns that the digital economy’s rapid evolution is outmoding and outpacing consumer protection:
  • 76% felt enforcement of consumer protection is ineffective in the digital economy (worse than any other sector);
  • 80% judged legislation, regulation and standards relating to redress as ineffective at keeping pace with the digital economy.

Is it time to reboot how we approach data protection?

Today’s smartphone era is characterised by the ease and efficiency with which data can be collected, processed, stored and transmitted; and also by the range of data that is collected including: location, browsing history, contacts and purchases made to name a few.

And yet much of the current data protection legislation around the world was framed as response to the era of mainframe computers and early databases.

Consumers’ growing sense of powerlessness and loss of control in relation to the collection of our personal data is therefore an understandable response.


How best to respond? 

When agile is the guiding principle for how tech companies organise, when products are developed in ‘sprints’ and when the low cost of network effects on the internet mean a service can reach tens of millions within months, can conventional approaches to regulation and consumer protection processes - working to decade-plus revision cycles - really offer effective responses or remain fit for purpose?

Or do institutions charged with consumer protection and data protection and their processes need to evolve too – working in much more agile ways and across the siloes their remits create?

Are there complementary or alternative means for ensuring consumer/data protection that can offer more dynamic responses?   

Self-regulation might be part of the answer, but does it stand a chance of being effective or credible while an ethos of better to ask forgiveness than permission permeates Silicon Valley? 

Or, actually, are the incentives for making self-regulation work in a demonstrable manner significant, given the unintended consequences that well-intentioned, but poorly executed statutory approaches could have on innovation?

A hybrid option might be around “regulated self-regulation” – where government regulators create the conditions in which businesses can demonstrate they are acting in data-respecting ways. The creation of specific ISO standards could support this.

As I outlined in a previous blog, another approach could involve developing tools and services that empower consumers - giving them agency in relation to which data they share, with whom and for what purposes. 

Can the market itself drive change as online privacy and control over how data is used becomes a ‘feature set’ that consumers demand?

Early signs here offer some encouragement – not least as elements of the tech sector either start to realise there is a growing imperative to demonstrate their data-respecting credentials if they are to ward off heavy handed regulation; or realising it makes business sense as they seek to expand to markets, such as health and banking, where data is all the more sensitive.

No doubt the optimal response will draw on elements of all of these options, but getting to that point will require concerted engagement from all working in the consumer interest.

If personal data does, as all the indicators suggest, become the defining issue of the twentieth century, it’s imperative that engagement starts now.




No comments:

Post a Comment