Data Privacy Day reminds us of the importance of transparency
Luca Schiavoni, Analyst, Regulation, OvumThe celebration of the Data Privacy Day on January 28, 2013 came at a moment when awareness of the importance of the matter is higher than it has ever been. However, many obstacles get in the way of full data privacy, including companies’ unwillingness to fully disclose what they do with their users’ data, consumers’ unwillingness to actually read lengthy terms and conditions pages when signing up to a service, and the fact that some companies’ business models rely on their users’ data to distribute targeted advertising.
Regulation in this area is often quite confusing and obsolete, and it can be it unclear whether the rules that apply are those of the service provider’s country or the user’s country. There is a clear need for coordinated approaches between regulators around the world.
The rise of OTT services is prompting policymakers to take action
January 28 has been Data Privacy Day for the last five years. This year it came at a moment when awareness of the importance of data protection online appears higher than it has ever been. The increasing uptake of online, and especially OTT, services by consumers is causing regulators to rethink the current set of rules that govern privacy. These rules are often obsolete, and may fail to apply to communications services such as VoIP and social networks.
It is often unclear whether the rules that stand are those of the service provider’s country or the user’s country, and there is a need for coordinated approaches between regulators across different geographies. The EC intends to pass a new regulation on data protection, which will be immediately valid in all member states, by the end of 2013; this should ensure a consistent framework within the EU.
However, not all the recent changes to privacy legislation have been stricter for content/service providers. In the US, the amendment to the Video Privacy Protection Act of 1988 approved in January 2013 established that the written consent of the user is no longer required every time a third party seeks the disclosure of personal information such as their video viewing history.
Consent can now be given via the Internet (i.e. through an online form), and can last for up to two years, unless the user explicitly withdraws the consent beforehand. This demonstrates that legislators are ready to listen to the needs of the industry, especially in the US, where many content providers are based. However, careful monitoring of the transparency of these services will be needed to ensure that users know what they are unveiling, and for how long.
Users may not read through lengthy terms and conditions, but they care about their privacy
Despite the difficulty around finding out how users’ data is actually used, people seem to care about what is done with the information they provide to and store on a given service. Ovum’s recent Consumer Insights Survey found that 68% of the Internet population across 11 countries would block the collection of their personal data if there was an easy way to do so.
Consumers are starting to make their feelings known to online companies; for example, the photo service Instagram was forced to make a U-turn in December 2012, after having announced it would give Facebook access to its users’ accounts for advertising purposes. In response, thousands of users decided to close their Instagram accounts, fearing that their pictures would be sold off to advertising companies. The actual situation was somewhat more complex, but the outcry goes to show the extent to which consumers value privacy and transparency online.
A number of campaign groups, including Reporters Without Borders, have put pressure on Skype to start releasing detailed transparency reports showing what information it stores, as well as governments’ attempts to access that information. Other big content/service providers such as Google and Twitter already provide such reports; Google publishes data on the number of requests it receives from governments and enforcement authorities, including how many of those requests are met. However, some countries (such as China) that are known for their thorough monitoring of their citizens’ online activity are not listed, which raises the question of how the company responds to requests coming from those countries.
A lack of transparency could hamper growth and trigger further regulation
Google has not escaped criticism, especially over its delivery of targeted advertising to its users. It has recently been taken to court in the UK over claims that it bypassed the security settings of the browser Safari in order to place targeted ads. It has already been found guilty of doing this in the US, and in August 2012 was fined $22.5m by the Federal Trade Commission.
While it is understandable that a company that relies on advertising to generate revenues would make efforts to maximize the impact of its ads, it is important that it do so in an open and transparent way. Users are unlikely to drop popular services such as Gmail on a large scale, but they do react adversely when their information is retained or used in a way they did not expect, as the example of Instagram illustrates well.
The challenge for regulators is to come up with rules that are not too burdensome, and that do not stifle innovation. It is not surprising that countries such as the UK, where tech start-ups are flourishing, are advocating a light-touch approach in the EC’s upcoming regulation.
But this is also why companies have to make the utmost effort to be clear to their consumers; breaching the confidence of online users could backfire, and lead to more restrictive regulation, at least in countries where the issue of privacy taken seriously by governments and policymakers. In the long run, repeated failures to meet customers’ expectations could hamper the growth (and ultimately the profitability) of Internet companies. Users’ behavior will likely be significantly affected by the way their data is treated.
- » Building confidence and power: Exploring greater female leadership and participation in cloud and data analytics
- » Oracle wants to say goodbye to shared responsibility by ramping up autonomous next-gen cloud approach
- » Three reasons why killing passwords will improve your cloud security
- » Why the future of data security in the cloud is programmable
- » Moving from DevOps to modern ops: Why there is no room for silos when it comes to cloud security