It’s on a slightly different note to the Beastie Boys but still an equally important right. And the truth is, there has been an ongoing debate about what rights consumers have over their data. It seems that with the new EU General Data Protection Regulation (GDPR), that debate may conclude with some knockout points in favour of the consumer. Could the data party as companies know it, be about to come to an end? Or at least feel the brakes and experience a screeching slow-down? We have been (knowingly or unknowingly) giving up our data to companies for so long that it has become the new normal. But how happy are we really about this? According to research in the UK by the Department for Digital, Culture, Media and Sport, more than 80% of people feel they don’t have control over their data online.
Could it be that companies have simply gone too far in their data delirium and it’s about time for things to change? When stock markets or property markets overheat, often there is a correction. Could the GDPR be a correction in the world of data?
In the UK, the government is preparing to pass a new Data Protection Bill, which will also align law with the forthcoming EU GDPR. It will give consumers a heightened awareness of their rights when it comes to data. Until now the focus has been on how companies will prepare for the GDPR and the potential business impact. But equally important to note, are the additional benefits for data privacy for consumers, who should start rethinking how much data they are giving out. For many of us who have never questioned this, it could result in a huge shift. If the research on data control is anything to go by, if, all of a sudden, consumers are presented with a choice, it’s very likely they will choose to share less data.
Some of the main changes as a result of the new Data Protection Bill in the UK for consumers will be:
• The right to force social media companies and online traders to delete their personal data, the “right to be forgotten”.
• More individual powers and a say over the way data is collected, processed and stored, with big fines for organisations that don’t comply.
• Companies will have to lay out clearly what information they hold and what they intend to use it for and get a clear indication of consent from the customer on the use of their data.
• The definition of personal data will be expanded to include IP addresses, internet cookies and DNA.
• Customers will be more easily able to move their data between companies if they wish to eg – moving photos to a different cloud storage company.
This sounds good in theory for people on an individual level. It’s going to even up the playing field. But it’s not so good for the data hungry companies out there, keen to customise interactions and create customer loyalty through personalisation. In practice, it will be interesting to see how enforceable the legislation is and what fines ensue. As Nina Vassilieff, Former CTO of Volkswagen France said at a recent security summit, companies will have to start taking this seriously, or face hefty fines (upto 4% of global annual turnover). She related her experience talking to the board at Volkswagen about the potential fines for an infringement of personal rights in preparing them for the new regulation. “I can tell you, at the board level, they listen. I gave them examples of what that could cost. They’re aware of it and now there is a project to deal with this. I actually had it in the project list but a new CIO took it off and said ‘I don’t want this in the budget, we don’t need this’. So I said, well I think after the board meeting, you’re going to change your mind. And she sure did.”
There will without a doubt be a shift in the way data can be collected and a possible change of behaviour on the consumer side. Maybe it’s not about the party being over just yet. But about having smaller parties…and given that most companies don’t even use anything near 15% of all the data they collect, that wouldn’t be such a bad thing.