Last week Britain’s Ministry of Justice closed its consultation on a second proposed data law from Europe. The new data protection regulation would, among other things, require explicit permission for the use of any personal data in marketing.
Its definition of ‘personal data’ at present is broad, encompassing unique but anonymised identifiers, such as IP addresses and cookies. Results of the consultation are expected in June.
In most boxing matches, the side making the most noise beforehand is usually the one less assured of winning. And so it is in this bout. Were the industry sanguine about the chances of new regulation being implemented painlessly, it would be calmly confident about the fact.
What we’re hearing instead are complaints. Judging by last week’s comments from Facebook and the British advertisers’ body, ISBA, there is great nervousness about the implications of the proposed law.
Facebook’s UK public policy director Simon Milner says social networks will be “uninteresting” places as a result, while ISBA’s public affairs director Ian Twinn says: “Widening the scope of what is personal data to include cookies and IP addresses is nonsense.”
Both say the new law would stifle innovation and ruin the online experience.
In January I wrote that direct marketers should adapt to the requirement for consent and use more targeted communications, rather than arguing indignantly that it will destroy the industry. Online marketers, too, should acknowledge that data protection laws need simplifying, and that consumers need to have confidence that they can control where their data goes.
But, while the new data protection regulation could actually stimulate innovation in direct marketing, online it could be more detrimental to consumers. Endless interruptions and pop-up boxes requesting obscure permissions will only turn users away from the web.
In relation to both this new law and the existing privacy directive, enforcement bodies need to be sensitive to this. The most sensible online solution would surely be to incorporate all the provisions of online data laws into browser settings.
On installation, these should ask users clearly to state what sites can record about them, and whether they want to see targeted ads. Websites might occasionally need to ask for exceptions, but these should be rare and should purely concern the data necessary to function.
With a consensus on this – between websites, ad networks, software manufacturers and enforcement bodies – the online ad industry could empower web users and eliminate the current uncertainty. Then it could get on with designing the services its customers want.
But there will probably be plenty of legal scraps before that ever happens.