All parties and stakeholders should continue to work hand in hand for high data protection standards all over Europe and generate the trust that is needed to reap the benefits that the digital revolution can provide.
The biggest lie on the Internet is ‘I have read and understand the Terms and Conditions’. At best one briefly scans a document that would otherwise make for a long and tedious read in legalese, especially for a non-English speaker.
In truth, no one really reads the fine print. To be perfectly blunt, who has the time – or desire – to ponder over a lengthy legal document in order to obtain access to a service or app?
Users of these services often have no other alternative. But by accepting their terms, they weaken the control they have over their own data. It is unclear whether these conditions are always lawful and proportional.
Furthermore, users are obliged to accept regular updates. Previously, one had the option of installing them or not, but not anymore.
These obligatory updates occasionally lead to critical problems, and after an update users must verify their privacy settings, as changes can be made without explicit notification. To make matters worse, public authorities sometimes ask us to use these technologies to interact with them.
Actions can and should be taken to protect European users. New ICT technologies should guarantee the privacy of potential users prior to their introduction. Effective privacy enforcement should be guaranteed by demanding privacy by design and fostered by mechanisms that prevent the unnecessary collection of data.
The handling of personal data should be more transparent. Companies should collaborate on these issues, and regulation should define what minimum level of security is reasonable.
A number of alternative approaches are possible.
Prior to the introduction of new operating systems, services and applications, a certificate of conformity as proof of compliance with the EU General Data Protection Regulation and national Data Protection Acts could be required. A permanent independent group of experts could be established to execute mandatory checks.
Service providers could adopt a more preventive approach. The existing opt-out approach could be replaced with an opt-in model, whereby the transfer of personal data is explicitly authorised by the user and default settings initially prevent such a transfer.
Service providers could clearly inform users what data is transmitted and guarantee that none will be transmitted without their explicit authorisation. They should also ensure that third parties cannot obtain this data.
The European Commission’s recent proposal to introduce new legislation to guarantee privacy in electronic communications is a step in the right direction.
But all parties and stakeholders should work hand in hand to protect consumers and companies and generate the trust that is needed to reap the benefits that the digital revolution can provide. Together let us stop the biggest lie on the Internet.
Picture credits: InsideOut Project