In a world that is becoming increasingly determined and governed by our online activity, it’s no wonder that the ‘right to be forgotten’ exists as a component of human rights law. More specifically, it exists as a part of the EU’s General Data Protection Regulation (GDPR), where there is an article dedicated to the ‘right to erasure’. GDPR, when implemented in May next year, intends to replace existing legislation as a way of giving people the freedom to regulate the digital footprint that they leave behind. The current directive, written during the adolescent years of the internet, has started to show cracks and loopholes have been exploited. GDPR’s primary objective is to bring control of personal data back to the users, and while the right to be forgotten is being written into this new legislation, this doesn’t mean that whatever we request be deleted is immediately erased without question. So, what do these new rules mean for our personal data, and what how will it affect the businesses who store and use this data? We will take a look at how these changes could alter digital advertising and how people engage with brands online.
Under this new data protection rule, you will have the right to have your personal data held by a company erased if that data is no longer needed for your engagement with that company or if you withdraw your consent for them to use it. For example, you can ask an online retailer to delete all of your account information and your purchasing history with them, but only if you no longer want to shop with them. They would not be able to process your order if they didn’t know things like your name and address.
In addition, gone will be the days of default opt-ins and pre-selected tick boxes that give consent for X, Y and Z and gone, too, will be the uncertainty of how your data is used. This new, tougher approach to the rights surrounding erasure extend the meaning of personal data to include your IP address and internet cookies as well. What’s more, under the new legislation, companies will face increased penalties should they breach the rules. While this will hopefully encourage a more serious approach to data protection, it could have negative repercussions for SMEs.
In recent years, targeted advertising has become increasingly popular, helping bring products and services directly to the consumers who are looking for them, an arrangement which benefits both the consumer and the business alike. In order to bring people these sophisticated targeted ads, as opposed to irrelevant spam, Google uses a complex, self-teaching algorithm to identify innumerable aspects of each individual, from behaviour and geography to interests and previous search history. By doing this, Google can determine exactly what the consumer wants and bring it to them in the form of subtle but effective advertising. This is good news for small businesses whose marketing budgets cannot afford wasted spend on advertising to the wrong audience. We are able to produce very cost-effective marketing strategies for small businesses, precisely because we are able to be highly targeted with our campaigns.
However, with the new legislation allowing users to opt out of marketing and targeted advertising at any time, this could pose a threat to how SMEs attract new customers and grow both their brand and revenue. It seems to me, though, that much of the problem stems from the mystery surrounding how our data is collected and used. While it should be acknowledged that there are companies who exploit personal information, much of the data that is kept about us isn’t as incriminating or personal as we might think. Although there is a risk that many users will exercise their right to be forgotten and contact big data companies like Facebook, Google and Amazon requesting the removal of the same data which makes their advertising platforms so effective, how many people actually care enough to do this? Realistically, when was the last time you read the fine detail of a Facebook data policy update or sifted through the nine-page PDF that is Google’s privacy policy? And even if you do ask a company to delete your data, it’s not necessarily that straightforward; if a site is deemed to have a strong public interest or scientific/historical importance, then a request for it to be delisted could, under current regulations, quite reasonably be denied anyway.
Over the years, tremendous effort has gone into creating a more user-friendly and personalised online experience and this is something which benefits a lot of us. I think that these new rules will actually give users more confidence engaging with the data giants as we move closer to greater transparency and a better understanding of how our data is used. To have this experience, however, we must accept that some of our data needs to be stored and analysed. In any case, with the proposed bill prompting controversy left, right and centre, nothing is set in stone yet.
FSM