Last week I spoke at a conference which was jointly organised by the European Data Protection Supervisor (EDPS) and BEUC. Its motto hit the nail on the head: how can privacy rights be enforced in an era where big data fuels our economy?
Digital technologies and big data are transforming the way we live, the way we work, the way we take decisions. It’s affecting each and every one of us from many different perspectives. New and innovative services and products are hitting the market everyday – often benefitting consumers in various aspects of their lives. And the Internet of Things, where the connected products do the thinking for you, takes this transformation to another dimension.
Consumers lost in opaque and non-negotiable terms and conditions
Consumer data is the most valuable asset in the digital economy. Sadly for consumers – and conveniently for business – many of us don’t have a sense of this. We do not understand the way data is hoovered up, processed, stored and monetised. Time and again this problem is appearing in the different cases against social networks and mobile apps brought by BEUC members’ UFC-Que Choisir, the Federation of German Consumer Organisations and the Norwegian Consumer Council.
We do not understand the way data is hoovered up, processed, stored and monetised.
Our privacy is handled through extensive terms and conditions, which are difficult to read, even more difficult to understand and which often do not reflect what really happens once we click “I agree’’. Anyway, they cannot be changed even if you don’t agree. It is a take it or leave it deal for consumers!
Bring down those silos!
Digital markets bring down borders. Enforcers and supervisors need to follow suit and break out of their own silos.
- Privacy provisions must be in privacy legislation but also in energy, transport, financial services, or consumer contract laws.
- Digital markets are global. Digital fraud is global. But regulatory responses are mostly national. There is a need for far more coordination of national and supranational authorities to identify, prevent and chase digital fraud.
- Privacy enforcement must be cross-sectoral. Enforcement authorities typically have mandates which are limited to their juri
sdiction. This leaves loopholes that can be exploited by privacy infringers. Every authority which supervises market players must be aware and act when there are privacy infringements. This includes privacy authorities, but also consumer protection agencies, competition authorities, telecom, energy regulators and even car type approval authorities which allow connected cars to hit the road. There is an urgent need to break out of our silos – even if this means new territory for some authorities. Enforcers have to team up to exchange expertise, build capacity, coordinate enforcement and strengthen the privacy safety net.
- Enforcement authorities have a lot to gain by teaming up. And they should cooperate more with consumer organisations. Their grass-roots experience, direct contact with citizens, specific analysis and perspective can significantly feed into the preparation and roll out of enforcement cases.
We are convinced that this is the way forward and therefore welcome the proposal made by EDPS in its recent opinion on coherent enforcement of privacy and consumer rights for the establishment of a digital clearinghouse. This is certainly an important step in the right direction on which such a coordinated enforcement strategy can be built.
Digital markets are global. Digital fraud is global. But regulatory responses are mostly national.
Bring in the geeks!
With the exception, probably, of the data protection authorities, traditional enforcement authorities struggle to understand the practical implications of digital technologies. But they have to do this to be able to get an accurate picture of what is at stake. Therefore, enforcers must get input from those who have the digital skills. A ‘geek’ team that could be put at the disposal of all enforcement agencies might be a first interesting step in creating a digital clearinghouse.
Getting out of silos is an intellectual challenge. But it is essential if we are going to be able to protect people’s data.
Click here for the take-aways of European Data Protection Supervisor Giovanni Buttarelli.