In a matter as important as our privacy in the digital environment, it is my hope that we begin to move beyond simplistic platitudes, and dive deeper into the actual and foreseeable consequences of the proposed ePrivacy Regulation. Far too often the debate doesn’t get beyond clichés like: "The right to privacy is fundamental and cannot be questioned"; "Consumer trust is the basis for growth," or "consent requirements will strengthen the market position of legacy media." These may be great slogans, but the severe consequences of the proposed ePrivacy Regulation do not seem to be properly understood.
The Charter of Fundamental Rights of the EU states that “Everyone has the right to respect for his or her private and family life, home and communications”. However, that right does not exist in a legal vacuum, and needs to be balanced against other fundamental rights and considerations. Respect for private life does not mean the right to absolute anonymity in either public spaces or on the domain of others. For example, you would not question not being allowed to enter a drug store wearing a mask. Actually, you would probably find it very discomforting if you suddenly were surrounded by masked people. Yet on the internet, it’s often considered a violation of your privacy if you’re given a cookie ID, the online equivalent of unmasking a customer. When we implement the respect for privacy in a digital context, we have to take a hard look at the actual consequences of those implementations.
Another problem in the debate is the constant tendentious interpretations of biased surveys. It’s the oldest trick in the propaganda book: You ask people if they think something obvious is important and most will naturally agree, and then you present the prominent level of support as if there is an urgent demand for imposing new regulation. Here you ask people if they want personal information on their computers to be protected or their e-mail to be confidential, and of course the overwhelming majority answers “yes”. This outcome is now being used to justify a new prohibitive ePrivacy Regulation. Ignoring the fact, that it is already illegal to conduct secret tracking and there is a very strict regulation for processing personal information.
There is also the common misconception that prohibiting targeted advertising would strengthen the market position of legacy media. The reasoning is that Google and Facebook have conquered almost the entire growth of digital advertising revenue over the last 10 years by outperforming the rest of the market using their massive amount of user data for targeting – this much is true. But the theory seems to be, if the use of data for advertising is practically prohibited, advertisers would have to resort to old-fashioned contextual advertising again for the benefit of the news media. This wish to turn back time is more sentimental and naive than it is realistic. Advertisers would have many better alternatives.
The ePrivacy Regulation does not prohibit data in advertising - it only requires prior consent. Big successful players like Google and Facebook already have consent, and are in a prime position to obtain it where they don’t already have it. Legacy media do not have the same user relationship and login services, and they are the ones who are likely to be hurt the most by the added requirements and European news media will have their advertising product weakened considerably and their user experience hurt by well-intentioned privacy protection.
Data and privacy protection is a complex area that requires a nuanced regulative approach and not an over-simplistic blanket approach to technology and markets that only works on paper. So, let’s get past this tiresome push for a “consent-for-everything-quick-fix” and work on some real solutions that allow for transparent data-driven advertising, informed user control and really respects everyone’s digital private life.