The emergence of data as the most important and valuable asset of the information economy, whilst not in itself a surprise, is a perfect example of the difficulty in ensuring that legislation is fit for purpose when innovation is driving rapid and fundamental market change.
Over the past decade the expansion and mass adoption of personal digital technologies, especially mobile, and the emergence of platforms such as social media or location aware software has created entirely new business models and market sectors – for example, mobile advertising in the UK grew by 148% from 2011 to 2012 becoming a £500M+ market.
For many of these new business models the efficacy of targeting their desired client (or consumer) is the core USP of the product, disrupting incumbent models and generating better ROI and impact. The ability to effectively target is derived from the fact that all interactions in a digital world leave a trail – metadata – which can be captured and analysed.
This data trail, and the ability for companies to capture and exploit, gives rise to the key questions at the heart of issues around data protection:
- Am I aware that my data is being collected?
- Is my permission required?
- If I give that permission in one environment is it transferable to a secondary use?
- Do I understand any correlation between data collection and service provision?
- If there is financial value in my data how do I benefit?
- If my data is being collected is it secure?
- What if I want to reverse my permission?
The way that those questions are answered, and the legislation which countries put in place to reflect a legal (and importantly, cultural) understanding of acceptable parameters, is fundamental to the operations of new business and innovation in this space – whether a purchase recommendation engine, social sentiment analysis, advertisement targeting or location specific marketing.
And it is from differences in this interpretation that data protection issues between US and UK/EU law in particular derive.
In the EU privacy is seen as a fundamental human right and thus regarded as falling within the role of Government in protecting the rights of its citizens – with the concern for the protection of rights as the primary concern above all others. In the US the expectation is one of commercial self-regulation with minimal necessity for Government intervention, thus privacy is an economic commodity subject to the market.
Recent public issues, for example with Google Mapping or WhatsApp or Facebook/Instagram, derive from a sense that data collection has somehow been furtive or underhand, rather than transparent and explained – compare the fact that we all understand how Amazon’s “you bought, you might like” mechanism works and see its value….
As we enter the realm of big data we shouldn’t underestimate the requirement for transparency on collection and usage, and if data is a core corporate asset – look at Facebook’s market capitalisation – then what is the correlating value to the user?
Explicit permission for data collection and use, and an understanding of the implications that decision, is core to the EU position and the source of key concerns for US businesses.