New world, same old Europe

EU plans to reform data protection law are running into difficulty due to scaremongering lobbyists


Spring may not really have sprung, but European Justice Commissioner Viviane Reding is already getting hot under the collar about plans to reform data protection law in 2014.

In 2012 the message was simple – one law throughout Europe. A single digital marketplace would give Europeans the edge and everyone must comply when dealing with Europeans. The European Commission had the US technology giants in its sights.

But those plans are getting bogged down ahead of the LIBE committee (on civil liberties, justice and home affairs) vote next month, threatened by scaremongering lobbyists and ministers. In particular, debate has focused on how to obtain a person’s consent to process their personal data online.

But how does all this affect your average Spandex-loving, cycling-into-the-City-from-Cambridge-at-the-crack-of-dawn, semi-athlete-type lawyer?

This is the same person who, at the tap of a button, can tell you they have a resting heart rate of 34bpm, a cholesterol level of 1.9 mmol/l and have taken 12,329 steps since leaving home two hours ago, all using the apps on their mobile.

Apps, of course, allow us to monitor our lifestyle in an unimaginable number of ways, but of greater significance will be the way consumers are encouraged to share this information with businesses. Cheaper insurance is already on offer to those committed to the gym, while those who have their driving habits monitored will find their good behaviour rewarded.

So imagine health insurance offered to those who agree to record what they eat, have their every waking step monitored and have every pub and takeaway they enter checked in via an app. What happens if your insurer decides you have been living unhealthily recently? Could they use your details to book you an appointment with a GP, a slimming club or a quit smoking clinic? Can you be persuaded to go by threats of higher premiums if you do not, or penalised for refusing to be monitored?

If data is the new currency, apps are the new way of obtaining it, but the supposedly future-proofed draft regulation does not reflect this new world. It perpetuates the same old restrictive thinking on how processing data should be justified and leaves us in the increasingly difficult realm of balancing legitimate interests, ascertaining consent, relying on other grounds or trying to characterise information as not being ‘personal’. What’s more, the Article 29 Working Party has, like an afterthought, just released an ‘Opinion’ that states personal data can only be processed via apps if fully informed, freely given and specific consent is obtained for each type of processing. Upfront.

How innovative. Perhaps Commissioner Reding should start back-pedalling.

Mayer Brown IP senior associate Oliver Yaros assisted with this article