Data Privacy: The right to be forgotten

Recently an EU Parliamentary Committee passed a data privacy proposal which could have far reaching consequences for not only businesses, but also for individuals. Sam Costigan explores the impact of the new regulation.

On 21st October 2013 an EU Parliamentary Committee passed a data privacy proposal which could have far reaching consequences; not only for businesses but also for every day consumers.

Can we standardise EU data privacy laws?

EU data protectionIt is quite widely publicised at the moment (and is particularly pressing in the data privacy world) that the proposed legislation touched upon in our last blog would have far reaching consequences. Some of the proposed changes are welcomed, at least in principle, such as ‘the right to be forgotten’ which seeks to bring more control to the everyday person to the release of his or her data. There is also call for standardised legislation and policy regarding international data in order to create a uniform EU data privacy platform. This would harmonise data privacy laws across the EU.

What are the downsides of the proposed regulation?

Conversely, there is opinion within the industry that the proposed regulation appears to repeat some of the same mistakes of the ePrivacy Directive. Having recently discussed this with a well regarded data privacy expert, he stated that “consent still being explicit in all cases is going to be hugely problematic for the industry, and could lead to click fatigue for individuals.”

He went on to say that the regulation seems to be repeating “…the mistakes of the ePrivacy Directive, which all of Europe agree set an impractically high standard for consent.” The implication of this appears to suggest that companies will be hindered by administrative burdens of consent, delaying what should be (and from an industry perspective, is wanted to be) a quicker process.

Is the proposed regulation a step too far?

There are also fears that some of the proposed clauses of the regulation go too far in their restrictive nature. To provide a simple example of this: if a customer decides that they no longer wish for their data to be held by a retail company they used to purchase from, they can request that such data is wiped from their records. On a larger scale, this would impact on a key aspect of the retail sector which seeks to adapt to market trends through the use of consumer data on spending habits, etc.

It would appear that Articles 19 and 20 of the regulation provide opt-out ability for the individual, should they refuse their data be processed and/or stored. Again, on speaking to the data privacy expert on this, they had the following to say on the fact that one could object to the processing of personal data based on ‘legitimate interests’: “… [in practice] any processing of personal data based on legitimate interests would work like ‘opt-out’ consent.”

This appears to put ultimate power in the hands of the individual, even over legitimate interests posed by the company requesting to process such data. Will this be considered a step too far in the bid to bring data privacy autonomy back to the individual?

We’re always keen to hear from you. Do feel free to share your thoughts and comments with us in our LinkedIn group.

 

Register for Updates

Register to receive news updates straight to your inbox.
  • We will only send you marketing information using the details you have provided to deliver, develop and promote our products and services if you give us consent to do so. Please use the options below to indicate if you consent to us using your information for this purpose. For further information please read our privacy notice.
  • This field is for validation purposes and should be left unchanged.

Newsletter

Sign up to our newsletter
  • We will only send you marketing information using the details you have provided to deliver, develop and promote our products and services if you give us consent to do so. Please use the options below to indicate if you consent to us using your information for this purpose. For further information please read our privacy notice.
  • This field is for validation purposes and should be left unchanged.

Technology Form

  • We will only send you marketing information using the details you have provided to deliver, develop and promote our products and services if you give us consent to do so. Please use the options below to indicate if you consent to us using your information for this purpose. For further information please read our privacy notice.

Get in touch with us

We're ready to show you the future of consulting. Just fill out the form below!
  • We will only send you marketing information using the details you have provided to deliver, develop and promote our products and services if you give us consent to do so. Please use the options below to indicate if you consent to us using your information for this purpose. For further information please read our privacy notice.

PPI Case Handler Profile

Complete your details below to receive our PPI Case Handler profile.
  • We will only send you marketing information using the details you have provided to deliver, develop and promote our products and services if you give us consent to do so. Please use the options below to indicate if you consent to us using your information for this purpose. For further information please read our privacy notice.
  • This field is for validation purposes and should be left unchanged.

Subject Access Request

    We require basic personal details to locate you on our records.

Request to Delete your Personal Data

    We require basic personal details to locate you on our records so we can delete your information.

Request to Withdraw Opt-In

    We require basic personal details to locate you on our records.