THE BLOG
22/06/2015 10:38 BST | Updated 22/06/2016 06:59 BST

How Much Data Protection Do We Need?

The EU recently moved closer to creating pan-European data protection regulations. Unsurprisingly, the latest announcement didn't generate acres of coverage - perhaps because it was just the most recent milestone in a long and laborious process - three and a half years and counting. For reference, the EU has now agreed 'draft regulations'. These regulations, covering a myriad different data and privacy issues, will then go to the European Parliament for further amendments. Finally, if nothing else upsets the apple cart, the new rules will be translated into national legislation some time in 2016.

The directive is designed to harmonise rules across Europe (in theory making it easier and cheaper to do business) and to reinforce the privacy of all EU citizens in the rapidly changing digital environment. Laudable goals, but this grand vision is hampered by its broad scope. One case in point is buried in Article 6(4), which allows companies to change how and what they do with data if they can show 'legitimate interest'. Is this a move to create work for Europe's legal community in the future in relation to what exactly constitutes 'legitimate interest'?

The overall imprecision and elasticity of the directive - there are 35 flexible provisions that member countries have a lot of scope to implement - means that whatever happens in the negotiation process, large parts of it could vary significantly between countries. In short, the chances of the EU having strong and standardised data protection rules remain slender.

Of course, the reason for this legislative fudge is pretty simple: privacy is a very complicated and subjective concept. Some people are very comfortable sharing their personal information, appearing on Google searches and receiving marketing offers from businesses they haven't been in direct contact with; others are very wary of any use of their data - '1984!' they cry.

Culturally, the expectation of privacy also varies significantly between countries. France is currently pushing hard to have the 'right to be forgotten' extended to Google search engines in every country. This is not an issue that many people in the UK have paid attention to. Similarly, outrage in Germany over the Edward Snowden spying revelations was all encompassing. In the UK, despite The Guardian's best efforts, it provoked no more than a collective shrug. After all, Britons are inured to living in one of the most monitored societies in history.

So if the expectations of privacy varies massively between countries and individuals, how should we determine where the line should be drawn? The answer is far from clear, especially when you add the problem of businesses constantly inventing new ways to collect and use personal information.

It may sound odd coming from the CEO of a data science company, but my personal opinion is that people need to expect and demand much more protection. The advent of wearable devices and the growth of smart cities is going to vastly increase the scope for businesses to misuse personal information. We have to assume that some companies will cross the privacy line and do things with personal data that are at the very least ethically dubious and potentially creepy. When this happens, you would expect some kind of legislative recourse. The absence of government intervention will demonstrate the absurdity and toothlessness of ambiguous clauses like 'legitimate interest'.

Pushing for strong and transparent data protection rules isn't only in the interest of the man or woman on the street, it will benefit businesses too. Making the rules of the game clearly defined creates a level playing field within which businesses can innovate. It also helps to ensure that the public retains trust in how companies use their data. Furthermore, it will make sure that businesses that are prone to skate on the edge of propriety (think annoying PPI or personal injury claims firms) will be kept in check, helping to make sure that there isn't a widespread consumer backlash against new concepts like smart cities.

Mike Weston is CEO of data science consultancy Profusion