The EU’s General Data Protection Regulation, which will replace current data protection laws across 28 countries with a single uniform statute, passed a key committee stage in the European Parliament last night (21 October). The final vote won’t happen until next spring, but this development, which involved sifting 4,000 proposed amendments to the original text, represents a compromise between warring pro-consumer and pro-business factions.
Gone is the ‘right to be forgotten’, replaced with a ‘right of erasure’, which basically manages consumers’ expectations as to how much information they can demand to be removed from the internet.
However, there is a much stricter regime limiting what data can be passed to governments outside the EU. Ostensibly, this targets the US, in light of revelations about the communications its National Security Agency intercepts. It will now be illegal for American companies such as Google, Microsoft, Yahoo and Facebook to comply with US government requests for data on EU citizens without going through European authorities.
Perhaps surprisingly, one major concession to the business lobby is the ability to conduct ‘pseudonymous profiling’ freely. Expect this to become a very important buzzword. It means companies will effectively be allowed to create individual profiles from people’s data without their consent, as long as a consumer would reasonably expect it to do so as a legitimate business interest.
Any additional data that could identify someone must be kept separately, while profiling for purposes that could discriminate against someone on the grounds of sex, race or religion, for example, is banned.
There’s no guarantee that all or any of these proposals will actually see the light of day. Hardliners on either side of the debate remain unhappy with what’s been conceded. Many more amendments could still come.
But it seems there’s now a workable draft that could feasibly end up becoming law, and that’s something that all marketers should pay attention to, if only for one reason – fines could now be increased to as much as 5 per cent of global turnover. That’s hundred of millions of pounds for the internet giants.
And as a result, breaching data protection laws will no longer be a trifling matter.
Click here to nominate yourself or a colleague as Data Professional of the Year.