The US could learn a few lessons from European regulators when it comes to customer privacy and data protection in the age of big data. At least, that was the consensus at a Hill panel discussion hosted by the Internet Innovation Alliance on the need for comprehensive federal legislation in order to properly govern the internet. While politicians from both sides of the aisle debate next steps in the aftermath of Congressional hearings featuring Facebook CEO Mark Zuckerberg, the EU is preparing to begin enforcing two key reforms giving users greater protection over their personal data: the General Data Protection Regulation and the Data Protection Directive.
Becoming widely enforceable by May 25, GDPR marries a collection of data privacy laws across Europe, giving citizens not only the right to greater privacy, but also allowing them to completely erase his/her personal data to stop third parties from processing their data. First being approved and adopted by the EU Parliament in April 2016, GDPR will supersede the UK Data Protection Act of 1998 and apply to both organizations located in the EU as well as those located outside of its borders if they offer goods or services to, or monitor the behavior of, any person in the EU. Organizations can be fined up to 4% of annual global turnover for breaching the regulation, or €20mln.
Adopting a unified approach like the GDPR is the only way to bring about a stability and consistency to a policy addressing the issue, according to former FTC commish Jonathan Leibowitz.
“If you are European and you are traveling outside of the EU, your data is protected at an EU standard,” Leibowitz noted, addressing the growing movement in individual states to pass their own net neutrality and privacy laws. “You don’t want a crazy quilt patchwork of state privacy laws chafing against each other and being inconsistent. It’s just bad policy.”
Former FCC chmn Robert McDowell agreed wholeheartedly, as it is meaningless to try and place physical boundaries on something as global as the Internet. “The Internet being a network of networks… and the way it’s designed, there aren’t any borders,” McDowell said, with the only exceptions being countries such as North Korea.
As far as adjustments to targeted advertising go following the involvement of Facebook in the Cambridge Analytica data collection and questions of suspicious ad behavior and manipulation on the site during the 2016 election season, there may not be as much change as one might expect. Rather than changing the rules currently in place, IIA co-chairwoman and former MMTC pres/CEO Kim Keenan believes that the changes that need to occur lie in more transparency regarding how the ads were created and how the data harvested was manipulated to create the ad.
“People aren’t even clear about why this is important because it’s not that the people went online and said ‘Vote for X,’ Keenan said. “What they did was manipulated what you’re interested in and what you like in a way that made you vote in a way that you would not have voted if you hadn’t been targeted in that way.” Anything that blocks the ability of a company to deliver an ad could become an issue of free speech.
“If you’re saying you can no longer target, you’ve got a big first amendment problem,” McDowell said. “It would be the government saying you as a speaker cannot speak to a certain audience, so disclosure historically has been the way we try to deal with that. That’s probably the best way going forward.”