The European Commission (EC) has proposed a comprehensive reform of the EU's data protection rules to strengthen online privacy rights and boost Europe's digital economy.
Following the announcement, EU Justice Commissioner Viviane Reding explained the new regulations aimed to “help build trust in online services because people will be better informed about their rights and in more control of their information.”
She added, “The reform will accomplish this while making life easier and less costly for businesses. A strong, clear and uniform legal framework at EU level will help to unleash the potential of the Digital Single Market and foster economic growth, innovation and job creation."
The announcement follows a consultation process in which the original proposal was modified after concerns it would be too complex and ambiguous to enforce.
If the regulations go ahead, it will no longer be enough to assume consent through a customer’s silence. Instead a statement of “affirmative action” will be required by the customer and company’s must inform the customer exactly how their data will be used. The proposals also introduce a new “right to be forgotten” clause that will allows customers to insist their data be deleted unless a company can demonstrate that “there is a legitimate reason to keep it”.
The reform includes some key changes, namely:
-A single set of data protection rules valid across the EU. The EC claim this will cut various admin costs and save businesses around €2.3 billion a year.
-The new regulation provides for increased responsibility for those processing personal data, which will also allegedly cut businesses’ admin costs of €130 million per year.
-Customers will have the right to data portability – i.e. be able to transfer personal data from one service provider to another, which will increase competition among services.
-The new regulations will be better enforced, meaning businesses in breach of data protection rules could be fined up to €1 million or up to 2 per cent of their global annual turnover.
While the new rules may seem more relevant to B2C in terms of data breaches, good data governance is an equally important issue for B2B marketers. However, some industry experts have reacted badly to the proposals, arguing the regulations would be impossible to enforce in a world of companies with global reach. Organisations such as the World -----Federation of Advertisers (WFA) have also accused the EC of stifling the marketing industry’s ability to handle data responsibly.
The WFA argues that widening of the definition “explicit consent” to include a greater number of data categories, “from the anonymous to the truly sensitive”, risks leaving customers with “consent fatigue” increasing the likelihood that they will allow either all or no data to be used. The WFA also argues the new rules will “undercut the advertising-funded business model that drives the digital economy as we know it. In turn, they would act as a brake on innovation, competitiveness and growth in Europe.”
Commenting on the news and its implications for B2B marketers and brands, Peter Russell, head of data and analytics, Targetbase Claydon Heeley, says, "It merely formalises what companies should be doing already in terms of best practice around data quality. Companies need to invest the time and effort to continuously maintain data hygiene around both prospect and customer data as at the end of the day – knowing who they are and being able to communicate with them via the right channel is marketing 1.0.
"At the end of the day, regardless of any potential fines over data protection, poorly managed data will end up costing companies through a combination of wasted marketing budget and resource as well as opportunity cost of last sales. That should help sharpen their minds when it comes to taking data quality and protection seriously."