A senior executive at the search firm told me that two industries which depended on data, advertising and the web, were just about the only things a sclerotic European economy had going for it, and now both were in danger of being strangled by bureaucracy.
"The data protection directive sees data as a bad thing," said the executiveWhilst many see the combative approach of EU commissioner Viviane Reding and her equally bullish partner-in-crime-come-potential-adversary "Steelie" Neelie Kroes as a good thing - a positive part of a fight for control over our data as the only language the big data corporations understand is the law - I have some sympathy for Google's apparent frustration.
I don't believe confrontation leads to good law, and by good I mean law which is effective in its aim, proportionate in scope and is not overburdensome to enforce - enforcement burden: level of policing required, economic cost of red tape and infringement on personal freedom/autonomy.
Part of my criticism of digital intellectual property enforcement legislation (SOPA, PIPA, ACTA and DEA) is the way these laws were conceived and drafted; in a confrontational environment. All attempt, in varying degrees, to regulate an industry - the internet industry - without extensive consultation with the industry they're trying to regulate.
In fact in many cases the internet industry was deliberately excluded from the process, in other cases public consultations were carried out only to ignore serious objections from credible voices within the industry.
The internet, its relationship with society and with commerce is incredibly complex in nature. In no other complex industry would governments attempt to regulate without extensive consultation with the industry (e.g. banking, medicine). Concerns about regulatory capture noted, it is equally unacceptable to completely exclude from the discussion those with the best insight and understanding of the problem the regulation attempts to solve.
UPDATE 12:53: note I said "exclude from the discussion." Granted companies can lobby and respond to consultations, but I see opportunity for meaningful and constructive dialogue between all stakeholders. Only through such dialogue can we hope to achieve a better understanding of the problem, and only then can laws be drafted to solve the problem. The process as it stands is confrontational.
Data protection and digital privacy are serious legitimate issues of public concern. But unless legislation is workable one of three things will happen.
Either regulation will be ignored and eventually abandoned due to enforcement burden; or, data companies will exit the EU yet continue to collect/process/sell data on EU citizens due to the elastic nature of the online jurisdiction - and still turn a profit without an EU presence, robbing EU states of any economic benefit; or, EU businesses and citizens will be denied the benefit of technological advances and low-cost services because of the effective outlawing of certain data practices.
Yes we need to do something as a society to address legitimate concerns, but I personally feel that something has to acknowledge both the scale of the problem and the limited impact legislation can have.
Does the EU data protection regime "see data as a bad thing?"
I believe we need to radically rethink our approach to digital privacy and data protection. The harm spectrum is broad and our current understanding narrow, with a lot of grey in the middle.
We need to separate the two concepts of personal data and privacy. They are fundamentally different. We need to work with the internet industry as a whole to draw the boundaries on privacy to prevent intrusive monitoring of what are clearly private actions.
But there is a possibility we need to scale-back our data protection demands in some areas when it relates to data captured in the online equivalent of a public space.
Yet my sympathy for Google and other technology giants is tempered by their unwillingness to date to engage with privacy advocates and fund a broad cross-section of community-led policy research.
Yes there is self interest, because Open Digital needs financial support to reach our self-funding goal (see slide 9 from my presentation at Digital Surrey last night), but I hear this from many advocates involved in the digital privacy debate: only this morning I saw, from Privacy International advisory board member Alexander Hanff:
@PaulbernalUK @guy_herbert @bainesy1969 @jamesfirth haha don't talk to me about funding, everyone seems to think I should work for free ;)I'm about as happy with a state-driven approach to privacy as I am with a corporate free-for-all. At the heart of the debate is an issue that affects everyone, globally, whether or not they have access to the internet - because the ramifications for global trade and societies around the world if we get this wrong are enormous.
— Alexander Hanff (@alexanderhanff) January 26, 2012
Any sustainable business must see that a key part of sustainability is building trust with its customers, and that relationship is the focus of our research into digital privacy (see slide 7 from my presentation at Digital Surrey last night).
Big corporations can't have it both ways, they must either support independent initiatives to understand the problem with the aim of coming to a broad consensus on what data protection legislation is needed, or risk bad laws stemming from a frustration with the way a fledgling personal data industry has behaved so far.
No comments:
Post a Comment