Today the European Commission published its proposals for long awaited new laws on how companies collect and use your personal data. But will these new rules really hand back control of your personal data?
These new EU data protection rules outline how our data is used and attempt to ensure that it remains under our control when it’s online.
Amongst other things, the proposals argue that companies must seek our explicit consent if they want to use our personal data, make it easier for us to transfer our data from one service to another, and to delete information about us at our request.
If companies violate these rules, they could be fined €1m or 2% of their global annual sales.
One big step for your online rights
The new proposals are badly needed. The current laws were written over fifteen years ago, a time before the widespread use of the internet. Now almost everything, from staying in touch with friends to online banking, is performed online.
Are the proposals good for consumers? Yes, I think they are. Last year the European Commission announced its intention to put consumers at the heart of the laws, and they appear to have done just that.
We’re particularly pleased to see some of the changes we’ve been calling for here at Which? for the past two years, such as a short deadline for companies to inform victims that their data has been breached. There are also provisions to allow you to claim compensation should a company lose or misuse your personal data.
Do you have a right to be forgotten?
Perhaps the most controversial of the proposals is the so-called ‘right to be forgotten’. This will let consumers request that their personal information is permanently deleted if there’s no reason for a company to keep it.
The Commission has made it very clear that this right is aimed at allowing consumers to retain control over their data, and to restrict how companies currently hold on to it. Take Facebook as an example – if you delete your profile, you’d expect all that information to be removed immediately, but at the moment this is kept on file.
However, some commentators have raised concerns over the impact this new right could have on the freedom of press. Could it allow anybody to essentially erase themselves from history? Commissioner Viviane Reding, the driving force behind the new rules, approached this criticism when she announced the proposals:
‘The right to be forgotten is of course not an absolute right. There are cases where there is a legitimate and legally justified interest to keep data in a data base. The archives of a newspaper are a good example.
‘It is clear that the right to be forgotten cannot amount to a right of the total erasure of history. Neither must the right to be forgotten take precedence over freedom of expression or freedom of the media.’
The Commissioner’s intent seems very clear: the changes are about giving consumers more control over their online data. But will the new law achieve its stated aims or will companies simply find new ways to mine and use our personal data?
Whatever the case, by the time these new rules are agreed and passed, which could take over three years, it’s likely that the technological landscape will have changed dramatically.