Global Regulatory Discord and The Dawn of The Personal Information Economy

“While the U.S. administration is dialing-back on regulations that protect personal information, European regulators are ratcheting them up.” Michael Becker

“We’ve lost control of our personal data.” Tim Berners-Lee

A guest blog post from Michael Becker, President of the PDEC Governance Board:

Remember Orwell’s book “1984”? It turns out that George Orwell might have been an optimist. Since the dawn of the Internet, we’ve looked at the web as a boundless resource of easily accessible information. However, the internet might be taking more information from us, its users, than we are from it. While we unconsciously use the web and all the devices and services that hang from it, our daily routines and data are monitored, captured, mined, refined, used, and sold. Whether it be social media, checking the latest news, or looking up the score of last night’s ball game, Internet Service Providers (ISPs) have been steadily archiving our personal information including our browser behavior, search activity, purchases, and increasingly, our physical location, to just name a few of thousands of data bits, labels, and scores being associated with every one of us. It is clear that this data has value. In fact, the access and control of our digital identity may be worth as much as $1.1 Trillion USD in Europe alone by 2020.Consumer behavior and personal information are the fuel powering developed economies throughout the world. Legitimate organizations around the globe use personal information for a wide range of purposes. These include the delivering of targeted and re-targeted online and offline advertising, providing people with free or heavily discounted content and services, providing people with enriched personalized and contextually relevant products, services, and experiences, inventing new products and services, and so much more.Personal information is a powerful asset. Yet, the philosophy on how to responsibly use it and protect it varies greatly depending on whom you speak to. For instance, regulators around the world appear to have differing opinions on how to effectively guide the industry on the responsible collection, use, and stewardship of people’s digital behavior and personal information. For example, this week, U.S. regulators re-framed legislation that is at odds with regulation in the UK and EU.

Last year, Oct. 27, 2016, the Federal Communication Commission (FCC) adopted new FCC Broadband Consumer Privacy Rules. The rules required Internet Service Providers to give individuals greater transparency, choice, and control over how their personal information is collected and used. The rules required ISPs to gain an opt-in from people before the ISP can use and share sensitive personal information and required the ISP to stop using non-sensitive information if an individual opts-out. The rules also defined what constitutes transparency, specifying that ISPs must engage in reasonable data security practices, including notifying people and law enforcement if the ISP experienced a data breach.

The effort to repeal the Oct. 27, 2016 regulations, as led by U.S. Republicans Sen. Jeff Flake of Arizona, Rep. Marsha Blackburn of Tennessee, 32 other senators, along with 6 leading trade groups (Association of Advertising Agencies (the 4A’s), American Advertising Federation, the Association of National Advertisers, the Data & Marketing Association (formerly the Direct Marketing Association), and The Interactive Advertising Bureau) successfully took place this past Tuesday, March 28, 2017. According to the supporters of the repeal, the old rules were:

  • Creating market inefficiencies by breaking established and functioning industry practices
  • Chilling Internet innovation
  • Hurting the consumers that the regulations were supposed to protect

Supporters of the October 27, 2016, rules argued that the regulations made the Internet more open, removed content blocking, traffic throttling, and traffic-favoritism, as well as gave individuals greater transparency, choice, and control over how their personal information is collected and used.

While the U.S. administration is dialing-back on regulations that protect personal information, European regulators are ratcheting them up. In contrast with the United States’ repeal, earlier this month, the U.K.’s Information Commission Office (ICO) issued guidance on the EU General Data Protection Regulation (GDRP). ICO’s guidance, in line with the GDPR, demands that;

  • Companies give Individuals control over their personal data
  • Companies’ consent practices be reviewed and overhauled as needed to meet the new requirements, which include the requirements to,
    • Provide a positive opt-in before personal data can be used
    • Provide an easy method to opt- out
    • Provide clear and specific statements of consent
    • Separate consent requests from other terms and conditions
    • Specify any third-parties that may have access to the data
    • Maintain the providence of each consent, including the specific notice, and who, what, when, and how consent was received
    • Provide notices of change of service and terms

The supporters of these regulations argue that they’ll help build and reinforce market trust and enhance organizational reputation. Detractors of the regulations argue that they’re too much, too complicated, too difficult, and too expensive to adhere to. Regardless, the GDPR will take affect May of 2018 and those found out of compliance may be fined as much as 4% of revenues, or €20 million.

It is unclear what lies ahead, but this what we know; personal data management is a strongly contested topic. On one hand, you have U.S. regulators suggesting that reduced regulation is needed, while on the other hand, you have European regulators saying more regulation is needed. It is unclear who is right, but it might be worth taking pause and referring to the perspective of the inventor of the Internet, Tim Berners-Lee. In a March 11th article, Berners-Lee notes that “we’ve lost control of our personal data,” that extreme surveillance is on the rise, and our privacy rights are being trampled. Berners-Lee argues that we may benefit more by being in direct control of our data and that “it has taken all of us to build the web we have, and now it is up to all of us to build the web we want – for everyone.”

It is on this last remark that we invite you to join us on April 26th from 12:30~6:30 EST, in New York, for a half-day workshop, The Role of Marketing in The Personal Information Economy, at the Fordham University Manhattan Campus, Lincoln Center; Gabelli School of Business. The personal information economy is an emerging market model that gives individuals the capabilities they need to actively participate in the actual value exchange of their personal information. It will take us all to build the marketing frameworks, best practices, education, and tools needed to thrive in the coming age. Businesses, marketing professionals, marketing technology solution providers, professors, and students, are welcome. Please join us and weigh in on the conversation.

Note: the April  26th Workshop is sponsored by PDEC, among others,  and is in conjunction with PDNYC, PDEC’s New York City Meetup.