British citizens could see an end to pre-ticked boxes and default opt-outs under a proposed new data bill. The law reflects changing attitudes to the way digital services handle consent, says Tim Green…
Last week, the UK government issued a ‘statement of intent’ to strengthen its data privacy laws via a new Data Protection Bill.
This will include the right to be forgotten, the right to require social media platforms to delete information when asked, and tighter regulation on default opt-out or pre-selected tick boxes.
The law will also give the Information Commissioner’s Office (ICO) more power to defend consumer interests and issue fines of up to £17 million (or four per cent of global turnover) to punish serious data breaches.
Matt Hancock, Minister of State for Digital said: “Our measures are designed to support businesses in their use of data, and give consumers the confidence that their data is protected and those who misuse it will be held to account.
“The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world. The Bill will give people more control over their data, require more consent for its use, and prepare Britain for Brexit.”
The last bit is significant. As Britain prepares to leave the EU, there is some uncertainty over its adherence to EU laws such as the General Data Protection Regulation, which is coming in 2018.
Most believe the UK will observe GDPR given that it still wants to trade with its European partners. But that’s supposition. So perhaps the new Data Protection Bill has been astutely presented to assuage that uncertainty. The statement of intent makes it clear that the UK wants to ensure “unhindered flow of data” with the EU member states.
In fact, for many observers, it is simply the GDPR in another name.
But whatever the politics of the situation, this proposed law is yet another indication of the hardening stance of regulators towards data privacy. The governments of Brazil and South Africa, for example, are making similar moves.
Obviously, the MEF is dedicated to tracking privacy legislation and examining its impact for members and mobile-related businesses as a whole.
We have sought to know what consumers think too. Our own 10-country study identified the phenomenon of the ‘savvy consumer’, almost half of whom will stop using a service if their trust is challenged. On the flipside, the same study reveals 47 per cent will reward businesses they trust by recommending them to friends and family.
Of course, this is what everyone in the digital economy wants.
The answer to worries about data privacy is not to simply stop the flow of information. Rather, it’s giving people back the power to share data with companies they trust.
This makes consent the pivotal component in the future of data sharing. When people know exactly what they are being asked to pass over, what for and with whom, they will share more.
The proposed new UK law certainly makes a lot of consent. It:
- Makes it simpler to withdraw consent for the use of personal data
- Clamps down on pre-ticked boxes and default opt-outs
- Lets parents give consent for their child’s data to be used
- Requires ‘explicit’ consent for processing sensitive data
- Expand the definition of ‘personal data’ to include IP addresses, internet cookies and DNA
The challenge is for companies to put in place systems that can meet these demands. That means (perhaps) replacing 20 page privacy policies with simple plain English menus. It means finding a way to store consent forms. It could mean appointing a team to be responsible for the systems.
All pretty complicated. Which is why the MEF’s own Consumer Trust Working Group has been working on a white paper that investigates the topic.
The paper will look into the legal definitions of consent, how new laws and technology will affect it, and how some companies are defining best practice.
Tim Green, Editor Mobile Money Revolution