Regulators, consumers or industry - Who will be the future privacy king?

 As you might have seen from a recently published note by FH , privacy is Brussels’ new catch phrase.  Few are disputing that search engines, social networking sites and other Internet related technologies offer huge opportunities for consumers and the digital economy. However, some are concerned that increasing the collection and processing of personal data on Internet jeopardizes privacy.  EU Commissioners, NGOs, companies and MEPs – everyone wants to defend European citizen’s right to privacy. But as new developments unfold  who will take the lead – regulators, consumers or industry?

At a recent conference a European Commission official said: “Our ambition is clear: we want the best data protection system in the world”. In contrast with the Obama administration who has been relatively quiet on privacy (but very keen on driving other ICT issues such as cyber security and network neutrality) this aspiration could put the EU in the driving seat in global discussions about borderless personal data flows. The Commission’s clear ambition in combination with mounting pressure from stakeholders  to renew data protection rules seem to make the case for additional regulation pretty straight forward.

However, the appetite for self regulation is building-up. Several companies have already signed up to the UK Internet Advertising Bureau’s good practice principles for online behavioural advertising aiming to put the user in control when data is collected. The infancy of business models with revenue streams mainly stemming from Internet has lead to a knowledge gap between policy makers and industry. This gap offers an opportunity for industry players who want to stay ahead of the legislative curve by engaging in dialogue and adopting self-regulatory codes.

No matter if EU policy makers or industry take the lead we can count on the fact that grass root mobilization among users will continue to force companies to backtrack on their online advertising practices. British Telecom’s Phorm experiment and Facebook’s “Beacon” advertising program are just two of many examples where users have waged war against privacy intrusive business practices. 

Clearly, regulators, consumers and industry are on the lookout for new online privacy rules.  Who will be the kingmaker of future privacy regulation?



June 18, 2009 | 4:05 PM

Thanks for a relevant and very interesting comment. As far as I can understand one of EDPS's mission is to give advice on new legislation having data protection implications. I guess a certain degree of opinion forming is allowed for within this mandate. Magnus

June 16, 2009 | 11:37 AM

I think a more important, but related question, is which of the regulators will be king? We are now seeing at least three different Commissioners and DGs taking leading roles in privacy policy, and yet this is peanuts compared to the role being taken by the Article 29 Working Party and by EDPS Peter Hustinx. Hustinx has a staff of something like 30, while the DP unit in JLS has about 10. And yet the mandate of the EDPS is much, much narrower. I think it is legitimate to ask whether privacy policy should be made by regulators or by legislators. Personally, I'd feel more comfortable if (somebody at) the Commission were in the driving seat, instead of the WP and the EDPS. Otherwise things could get very lopsided.