The Internet and the innovations it has given rise to, have delivered unprecedented benefits for billions of consumers.
Data
is the commodity that is powering much of this innovation and the
digital economy more widely. Handing over personal data is now as key to
facilitating an online transaction as handing over money.
While enjoying the benefits, consumers are expressing increasing unease over how personal data is being used.
- 67% are concerned about not having complete control over the information they provide online;
- 71% feel that providing personal information is an increasing part of modern life and accept there is no alternative to providing it if they want to obtain products and services.
New research from the University of Pennsylvania finds that:
"Rather
than feeling able to make choices, Americans believe it is futile to
manage what companies can learn about them…..More than half do not want
to lose control over their information but also believe this loss of
control has already happened."
Concerns expressed by consumer advocates are reflecting these sentiments. In our recent Global Consumer Protection Survey, CI Members expressed concerns that the digital economy’s rapid evolution is outmoding and outpacing consumer protection:
- 76% felt enforcement of consumer protection is ineffective in the digital economy (worse than any other sector);
- 80% judged legislation, regulation and standards relating to redress as ineffective at keeping pace with the digital economy.
Is it time to reboot how we approach data protection?
Today’s
smartphone era is characterised by the ease and efficiency with which
data can be collected, processed, stored and transmitted; and also by
the range of data that is collected including: location, browsing
history, contacts and purchases made to name a few.
And
yet much of the current data protection legislation around the world
was framed as response to the era of mainframe computers and early
databases.
Consumers’ growing sense of
powerlessness and loss of control in relation to the collection of our
personal data is therefore an understandable response.
How best to respond?
When
agile is the guiding principle for how tech companies organise, when
products are developed in ‘sprints’ and when the low cost of network
effects on the internet mean a service can reach tens of millions within
months, can conventional approaches to regulation and consumer
protection processes - working to decade-plus revision cycles - really
offer effective responses or remain fit for purpose?
Or
do institutions charged with consumer protection and data protection
and their processes need to evolve too – working in much more agile ways
and across the siloes their remits create?
Are there complementary or alternative means for ensuring consumer/data protection that can offer more dynamic responses?
Self-regulation
might be part of the answer, but does it stand a chance of being
effective or credible while an ethos of better to ask forgiveness than
permission permeates Silicon Valley?
Or,
actually, are the incentives for making self-regulation work in a
demonstrable manner significant, given the unintended consequences that
well-intentioned, but poorly executed statutory approaches could have on
innovation?
A hybrid option might be around
“regulated self-regulation” – where government regulators create the
conditions in which businesses can demonstrate they are acting in
data-respecting ways. The creation of specific ISO standards could
support this.
As I outlined in a previous blog,
another approach could involve developing tools and services that
empower consumers - giving them agency in relation to which data they
share, with whom and for what purposes.
Can
the market itself drive change as online privacy and control over how
data is used becomes a ‘feature set’ that consumers demand?
Early signs here offer some encouragement – not least as elements of the tech sector either start to realise there is a growing imperative to demonstrate their data-respecting credentials if they are to ward off heavy handed regulation; or realising it makes business sense as they seek to expand to markets, such as health and banking, where data is all the more sensitive.
Early signs here offer some encouragement – not least as elements of the tech sector either start to realise there is a growing imperative to demonstrate their data-respecting credentials if they are to ward off heavy handed regulation; or realising it makes business sense as they seek to expand to markets, such as health and banking, where data is all the more sensitive.
No
doubt the optimal response will draw on elements of all of these
options, but getting to that point will require concerted engagement
from all working in the consumer interest.
If personal data does, as all the indicators suggest, become the defining issue of the twentieth century, it’s imperative that engagement starts now.
If personal data does, as all the indicators suggest, become the defining issue of the twentieth century, it’s imperative that engagement starts now.
No comments:
Post a Comment