Wednesday

21st Nov 2018

Opinion

'Consent' - the good, the bad and the ugly in e-privacy regulation

  • Rules are now tighter in the EU and beyond, businesses and public authorities are sweating to be compliant.

Trying to link a spaghetti western with digital privacy might seem as a stretch: but in Europe, we are reaching the climactic showdown of how to efficiently protect privacy online, without hampering innovation and our continent's global competitiveness.

Just two weeks ago, the EU's famous General Data Protection Regulation (GDPR) entered into application.

Read and decide

Join EUobserver today

Support quality EU news

Get instant access to all articles — and 18 year's of archives. 30 days free trial.

... or join as a group

  • Do you feel more or less protected by clicking 'yes'? (Photo: Roel Wijnants)

Rules are now tighter in the EU and beyond, businesses and public authorities are sweating to be compliant.

But GDPR is not enough for the EU legislator: a new ePrivacy Regulation is on its way and will impact the European digital economy even more.

Telecoms ministers have a choice: either they can decide to reinvent the wheel of GDPR, and fall prey to a supposed silver bullet – consent. Or they decide to go for common sense, and move the discussion in a sensible realistic direction. We are not there yet.

According to some, the silver bullet that will save our privacy is consent.

I agree that consent is important to empower citizens when their personal data are used. I need to know and agree that my personal data are processed to receive promotional offers from my favourite shop for example.

But similarly as in the famous face-off in Sergio Leone's film, what is crucial is not the plain action itself but the way in which the scene unfolds.

Consent has to resonate to be meaningful and to be valid. And it should be used where the risks for the individual are high, where the protection is most at stake. This is good.

But if consent is used for everything and excessively, it devalues consent. This is bad.

I lost count of the number of emails and messages I received in the past weeks asking me to re-consent in view of GDPR.

How many times have you actually read the entire 17,000-word privacy notice before agreeing to share your data? Do you feel more or less protected by clicking 'yes'?

Will the connected car only drive if the owner is constantly pressing buttons on their dashboard to consent to various data-based operations, like communicating with the road infrastructure or the car ahead?

In the EU, we aimed at creating a true culture and awareness of privacy protection through the GDPR. It will protect citizens from data scandals like the recent Facebook/Cambridge Analytica case – ePrivacy is not relevant here as we have all the protection and sanction tools we need with GDPR.

Proper enforcement of existing rules is needed – not always new laws. GDPR is an important step forward, it is being copied world-wide and is a real improvement for EU citizens and companies.

We should be proud of that achievement even if I would have wished for less constraints on our economic actors.

The GDPR insists on the fact that consent is only one way of protecting an individual's data. It recognises that it is not appropriate in all situations. Yet in the currently negotiated ePrivacy Regulation, we risk undermining that pragmatic approach. This is ugly.

Where the GDPR puts consent in a broader context tied to a risk-assessment, the new ePrivacy Regulation elevates consent into an "all or nothing" approach. This is all the more surprising as EU regulators seemed to have recognised that clicking endless cookie-banners online does not lead to more privacy.

Cost/benefit analysis

Instead we should orient the ePrivacy Regulation along the real question: what is the true risk or potential harm for the individual when using innovative services?

The GDPR gives us many tools that should be part of ePrivacy, as they sit more comfortably with new technologies: concepts such as transparency, data sovereignty, opt-out solutions, right to object and innovative privacy-protective measures like pseudonymisation or encryption. These ensure that companies are held accountable – together with the fines – depending on the data-intensity of their business operations.

Let's focus again on the assessment of the risks and potential harms: this is what we want to prevent. Consent can be a silver bullet – so let's not overshoot but use it wisely.

EU ministers in Council have a chance to make the text future-proof.

I call on them to ensure we are not deceiving our citizens and stakeholders. We are dishonest if we promise our citizens that consent always gives them control over their personal data and their privacy.

If badly implemented – as seen in the Facebook/Cambridge Analytica case - it does the opposite: consent leaves little for the individual to remedy. As a user, I have effectively given away my control rather than to retain it.

It can become a boomerang bullet.

Axel Voss is a German MEP with the CDU, part of the European People's Party

GDPR - a global 'gold standard'?

The new EU privacy rules are touted as a global 'gold standard' - but Mexico's former data commissioner warns some nations are far from ready.

New GDPR enforcer says complaints imminent

The European Data Protection Board is a new EU body tasked with enforcing the EU's privacy laws with powers to impose massive fines. Its head Andrea Jelinek told reporters complaints against companies are expected to be immediate.

Analysis

GDPR does not (yet) give right to global oblivion

The 'right to be forgotten' will become enshrined in EU law on Friday, but it is not yet clear to what extent it will apply. Will the EU's law determine how the internet looks globally?

Focus

Are EU data watchdogs staffed for GDPR?

The success of the new general data protection regulation (GDPR) will depend on whether data protection authorities enforce the new rules - which, in turn, will be at least partly determined by how many people they employ.

Column / Brussels Bytes

The EU cannot shape the future of AI with regulation

If the EU continues to over-regulate AI, its AI systems will fail to compete on a global scale and the technology's long-term future, for better or worse, will be shaped by the United States and China.

Panic is not answer to EU's security challenges

EU foreign ministers must choose between contaminating their civilian missions and operations with panic over security and migration, and reaffirming the EU's core values as a global actor for peace and development.

News in Brief

  1. Hungary grants asylum to ex-Macedonia PM
  2. UK court rules against government in Article 50 case
  3. May to meet Juncker on Wednesday to finalise Brexit deal
  4. Future of EU's Mediterranean naval mission in doubt
  5. EU budget talks for 2019 collapse
  6. EU mulls new Russia sanctions over Ukraine 'elections'
  7. EU farm chief 'confident' sugar prices will recover
  8. Researcher: EU expert groups still imbalanced and opaque

Why 'Spitzenkandidat' is probably here to stay

The power of the parliament to 'appoint' the president of the EU Commission is new, highly-contested - and not universally understood. In fact, even some of the lead candidates to replace Jean-Claude Juncker are against it.

Stakeholders' Highlights

  1. NORDIC COUNCIL OF MINISTERSTheresa May: “We will not be turning our backs on the Nordic region”
  2. International Partnership for Human RightsOpen letter to Emmanuel Macron ahead of Uzbek president's visit
  3. International Partnership for Human RightsRaising key human rights concerns during visit of Turkmenistan's foreign minister
  4. NORDIC COUNCIL OF MINISTERSState of the Nordic Region presented in Brussels
  5. NORDIC COUNCIL OF MINISTERSThe vital bioeconomy. New issue of “Sustainable Growth the Nordic Way” out now
  6. NORDIC COUNCIL OF MINISTERSThe Nordic gender effect goes international
  7. NORDIC COUNCIL OF MINISTERSPaula Lehtomaki from Finland elected as the Council's first female Secretary General
  8. NORDIC COUNCIL OF MINISTERSNordic design sets the stage at COP24, running a competition for sustainable chairs.
  9. Counter BalanceIn Kenya, a motorway funded by the European Investment Bank runs over roadside dwellers
  10. ACCACompany Law Package: Making the Best of Digital and Cross Border Mobility,
  11. International Partnership for Human RightsCivil Society Worried About Shortcomings in EU-Kyrgyzstan Human Rights Dialogue
  12. UNESDAThe European Soft Drinks Industry Supports over 1.7 Million Jobs

Latest News

  1. Boycott threats mount on eve of Interpol election
  2. EU parliament to renege on transparency promises
  3. Cyprus and Greece to create EU spy academy
  4. MEPs likely to delay vote on greater transparency
  5. Cold shoulder for Franco-German euro budget plan
  6. Whistleblower: Danske Bank gag stops me telling more
  7. Spain raises Gibraltar, as EU and UK talk post-2020 relationship
  8. Panic is not answer to EU's security challenges

Stakeholders' Highlights

  1. Mission of China to the EUJointly Building Belt and Road Initiative Leads to a Better Future for All
  2. International Partnership for Human RightsCivil society asks PACE to appoint Rapporteur to probe issue of political prisoners in Azerbaijan
  3. ACCASocial Mobility – How Can We Increase Opportunities Through Training and Education?
  4. Nordic Council of MinistersEnergy Solutions for a Greener Tomorrow
  5. UNICEFWhat Kind of Europe Do Children Want? Unicef & Eurochild Launch Survey on the Europe Kids Want
  6. Nordic Council of MinistersNordic Countries Take a Stand for Climate-Smart Energy Solutions
  7. Mission of China to the EUChina: Work Together for a Better Globalisation
  8. Nordic Council of MinistersNordics Could Be First Carbon-Negative Region in World
  9. European Federation of Allergy and AirwaysLife Is Possible for Patients with Severe Asthma
  10. PKEE - Polish Energy AssociationCommon-Sense Approach Needed for EU Energy Reform
  11. Nordic Council of MinistersNordic Region to Lead in Developing and Rolling Out 5G Network
  12. Mission of China to the EUChina-EU Economic and Trade Relations Enjoy a Bright Future

Join EUobserver

Support quality EU news

Join us