Privacy as a developing political issue
What marks a turning point in the development of privacy as a prominent political issue with an impact on business?
I consider that there is a shift of public sentiment and it is reflected in a statement by Kazimierz Ujazdowski, Member of the Cabinet of the European Data Protection Supervisor at the EDPS conference in Brussels in June: “While the problems are legal, the issues are political.”
Privacy issues follow the route taken by environmental and climate change issues which have taken decades to reach political prominence in many countries. Several of these issues are reflected in this October edition of PL&B international Report.
What is starting small may yet blossom. The tech giants may follow the lead taken by their much smaller competitors by giving consumers the option of paying them to use their data. This path has been pioneered by browsers, for example, Gener8 and Brave.
An early adopter to test the water by putting a value on “the right to be left alone” is the case of Sweden-based Spotify, founded in 2006 which gives access online to 50+ million songs. It launched Spotify Premium as early as 2011, inviting users to pay a fee to listen to music without advertising, and so took the lead in showing the value of respecting customers’ time and attention.
Tracking to consumers’ benefit
How to convert tracking to consumers’ benefit? Paying consumers for their personal data and providing an online service without advertising, illustrates the way that companies know that consumers are increasingly aware of their position as the object of Adtech’s Real Time Bidding. Check My Ads is working actively in this field.
Harmful content on major social media networks (in the contexts of political extremism, normalising the use of guns to pursue the fantasies of unbalanced people, self-harming and suicide) has been nurtured on the basis of a US legal framework of freedom of expression taken to an extreme.
Where there is political will there is a regulatory way
By contrast, the EU has taken a tighter regulatory response both at national DPA level in Belgium, Ireland, Italy, Spain and the UK and at the level of the European Data Protection Board in planning sanctions against China-based TikTok.
California: The EU Digital Services Act aims to tackle illegal content. Identifying some US companies as part of the problem, the EU took a political decision to move EU regulatory action to the tech companies’ back yard with the establishment of an EU Office in California. Its role is to try to influence the large tech companies based there and, indeed liaise with California regulators and legislators. US federal privacy legislation for the private sector, has long been an aspiration of a few legislators. However, there is now a firm foundation for future steps on privacy regulation in California, traditionally the leader in data breach legislation and much else in the US, such as car safety and emissions.
To demonstrate his commitment, California’s Attorney-General has now taken his first enforcement actions resulting in a fine and a settlement under the state’s Consumer Privacy Act. Discussions between the state and the European Union on a move towards EU adequacy have begun, but have a long way to go.
Ireland: Many US based multinational companies have European headquarters in Ireland, partly because of its low corporate tax regime. The Irish government has picked up on the political atmosphere and has now given greater financial resources to Helen Dixon, Ireland’s Data Protection Commissioner. This is an increase of more than six times from the 2015 allocation of €3.647million, to a €23.2 million budget allocation in 2022. The DPC staffing numbers have increased from 110 in 2018 to 191 at the end of 2021 and there is provision for total staff numbers of 258 by the end of 2022.
The government made the following statement reflecting this political priority: The government commits to ‘recognise the domestic and international importance of data protection in Ireland’ and states that the government ‘will ensure that Ireland delivers on its responsibilities under the General Data Protection Regulation’.
Examples of privacy invasion not only by the tech companies but also by others, which have encouraged the media to pay greater attention, build public consciousness and, as a result, have strengthened a call from civil society and parties across the political spectrum for regulatory action to address privacy issues.
Tech companies can be powerful adversaries. But, if persuaded, that a privacy-friendly path will win them more friends and slow the trend towards less intrusive competitors, they may recognise that their own best interests are better served by embracing privacy values rather than keeping them at arms’ length.
Publisher, Privacy Laws & Business