EU Data Protection Act – Where are we now?

You may have heard about the EU data protection reform floating around in the press, or as we like to call it the rise of the data death eaters (Harry Potter fans will know what we mean). The reform will suck the lifeblood out of data companies not to mention tried and tested integrated marketing strategies.

We’ve been hanging on waiting for a decision to be made as to whether the reform will take place however it seems the guys at the top can’t quite agree. So, we’ve taken a closer look at the proposed reform and what this could mean for not only businesses like us, but the rest of the economy too.

What are they actually proposing?

Current laws concerning EU data protection date back to the digital Stone Age of 1995. So of course we agree that the laws need to be reviewed in light of today’s technology and the mobile and social spheres we now live in but many, and we mean many, agree that this has been taken way too far and more importantly to the detriment of the UK economy and to the consumers and businesses it set out to protect in the first place.

Back in 2012, which seems like an age away itself now, the Commission proposed a radical reform to the EU legal framework governing the protection of personal data. This was initially pitched as a way to protect information and tackle the challenges of new technologies.

Why is this a bad thing?

Instead of going to the extreme why are we not looking at evolving the law to accommodate the new technologies we now use. We’ve always been told by politicians and world leaders alike to embrace change, so why are they the ones now running scared from it and hiding under their proverbial data reform duvet?

We agree that consumers and businesses have a right for their data to be protected and respected. But, too many restrictions can only be bad for business innovation and growth. Some believe that this level of data restriction will come at a direct cost to both business and consumers. Previously free internet services may have to revert to charging subscription fees and this is all down to the agreement internet giants currently have with companies proving these free services in exchange for personal data. So the long and short of it is do we want to be protected to such an extent that is not only unnecessary but will also costs us in the long run?

The proposed reform as it stands, if enforced, would destroy so many businesses overnight and this, in turn would have a huge knock on effect to the UK’s economy as a whole. With such a big budget deficit we just can’t work out why the government would want to plunge the economy further into the depths of debt by taking away crucial revenue streams for UK businesses. The reform as it stands would mean no more email marketing campaigns, no more direct mail to prospective clients, or telemarketing! The end to integrated marketing campaign as we know it. If the reform were adopted then this would be a huge thorn in legitimate businesses’ sides when it comes to how they use data to market themselves to consumers and other businesses. If companies can’t reach their target audience to tell them about their products or services then sales will fall and businesses will close all over the country, frighteningly perhaps in only a matter of months.

What’s the latest?

It’s not hard to see which side of the fence we’re on but we’re not alone. Since the changes to the reform have been proposed there has been an unprecedented tsunami of lobbying and criticism of the reform. Plus so many amendments to the reform have been banded about that the new regulation would be so hopelessly compromised that it begs the question of whether its worth all the time, effort and tax payers’ money in the first place.

The latest word on the data protection street is that any reforms could now be delayed until 2015 which would mean it wouldn’t actually be enforced until 2017. This follows a summit late last month where the concern of the reforms impact on the digital agenda was raised.

There has even been debate about how big the fines would be for any companies that breached the new regulations, from 1% of their worldwide turnover all the way up to 5%

The man in charge, David Cameron, also seems to be in our camp too, saying after the summit “The one area where we had some concerns, because the right drafting and thinking hadn’t been done, was data protection, where there was a rather false deadline for next year. We got that removed. We do need to have a data protection directive in the EU but the current draft would add a lot of cost to businesses. It’s not right, and so I made sure there was no false deadline for next year for that one.” But despite Cameron’s concerns, its thought the European Commons may still plough ahead with the amendments in its December meeting anyway but the possible delay until 2015 will give Council of Minsters the chance to review the reform in more detail.

For the reform to be passed into European Union law there must be agreement between the Council of Ministers, European Parliament and the European Commission. There’s little doubt that each are going to have very different versions of the text so they’ll have to thrash it out with a trilogue negotiation.

One thing we do agree on with the Council of Ministers is that the devil is in the detail and it’s vital they get it right as the new regulation will be hanging around for some 20 years.

We’ve taken a closer look at just some of the details in the reform and how exactly these will affect businesses:-

  • The reform calls for a right to erasure, meaning an individuals right to have their details deleted if they ask for them to be. This is then cascaded through to other business that may hold the persons details. This would be disastrous for digital companies like Facebook and other social media platforms, cloud providers and the likes of Google and other search engines.
  • Companies will only be able to send direct marketing by post where it related to similar products or services and they will have to gain opt-in consent for other methods such as email.
  • The individual will have to give consent for their details to be disclosed to a third party
  • If an individual cancels a service, for example car insurance then the insurance company is no longer allowed to market to the consumer when its due for renewal unless the consumer gave permission when cancelling the policy.
  • In terms of profiling, complied at use automated processes for credit scoring will now have to do this by hand by a member of staff.
  • A company processing the personal data of 5,000 consumers in any one year must hire a data protection officer for a minimum of four years. If a company deals with sensitive personal data such as information relating to children then they must also hire a data protection officer. This of course will result in an added overhead expense for the company.

Many organisations are continuing to pledge a war against this potential data disaster and reach a fair compromise between the personal right to privacy and the genuine needs of businesses to protect both consumers and the economy. We’ll keep you updated as soon as there’s something new to report so for now… watch this space.