The CNIL Believes that the issues of the right to return the data are essential.
"We are at a turning point today because everything has become digital, personal data is everywhere. And this data is the lifeblood of the digital economy. In France and in Europe, we are at a time when we are questioning the effectiveness of regulatory methods for the protection of personal data. As far as the legal framework is concerned, things are moving at the European level. A draft regulation was recently published that will fundamentally challenge the mode of governance of personal data regulation, without calling into question the key principles, but with a reinforcement of the rights of individuals. "announced Sophie Vulliet-Tavernier, Director of Studies, Innovation and Foresight at the CNIL, during the presentation of the "Cahier d'enjeux - Questions Numériques 2011" by La Fing, at the Gaité Lyrique on Wednesday 15 February.
The protection of the private life and personal data of fellow citizens has for many years been a major public policy issue for countries and the European Union in particular. The digital boom and the context of globalisation have made it necessary to review the existing European legal framework. The European Commission has therefore just adopted on 25 January a draft European regulation and directive reforming the data protection framework. This is therefore a historic moment which must be fully appreciated as it will shape the new data protection landscape of the 21st century in Europe.
The CNIL acknowledges that the draft regulation makes substantial progress that was expected and necessary. The rights of citizens are thus largely strengthened: recognition of a right to be forgotten, a right to portability of their data and clarification of the rules on the collection of consent and the exercise of their rights.
In 2011, as part of the UK government's MiData programme, 26 major companies committed to returning their personal data to their customers. In 2012, ten new French companies (banks, distributors, energy, etc.) and two major cities are undertaking a similar experiment. But it is proving more difficult than expected to extract data from companies' information systems: returning it to the right customer poses security problems. And consumers are not sure what to do with this influx of information. Worse, some people are starting to get indignant when they realize how much companies knew about them! They question the relationship of trust between individuals and organizations, they want to better control their lives and become aware of the shared value of data (Open data, Big data, ...).
Why not enjoy unlimited reading of UP'? Subscribe from €1.90 per week.
The situation changes when startups start offering new tools and services that allow consumers to leverage their data: better manage their budget, think about their diet, evaluate their carbon footprint, organize their travel, ... A new market is emerging: "personal data warehouses", "... digital safes« New networks are emerging, such as PatientsLikeMe which collects health data from its members to contribute to clinical research.
But are consumers really demanding?
Do they have time to devote to analyzing their data? Will they even be able to do so? Under the guise of helping individuals manage their data, isn't there a risk that new intermediaries will emerge to capture customer relationships? Data exist in very different forms; it will be difficult to aggregate them under the control of the customer and even more so, to make the new "information systems" of customers (which will themselves be very diverse) interact with those of companies. These companies learn to live by sharing their data with their customers and users. They first gain better quality information, updated directly by individuals. What they lose by becoming more transparent, more easily comparable, they regain by building a relationship of trust on an equal basis that consumers appreciate. At the same time, perverse effects are emerging. Gathering so much information at the fingertips of individuals, combined with improved analytical tools, creates temptations. Some companies are engaging in a real blackmail: without data, there is no service! Individuals do not all have the same means to resist these pressures, nor to make effective use of the data they hold. A new kind of challenge is emerging: data strikes, obfuscation, deliberate falsification of information transmitted to companies...
What changes in a breakup scenario?
The sharing of personal data with customers breaks with decades in which organizations have developed ever-increasing capabilities to capture, aggregate, process and exchange personal data, without giving anything back to individuals. It is therefore a question of equipping individuals by giving them both information (their data held by organizations, but also the data they will add themselves), the ability to use it for their own purposes, and tools to control their relationships with organizations.
The emergence of a new market: personal data management services. To make this data usable, individuals need access to tools and services that allow them to retrieve, store, analyze, exploit and exchange their data in an easy and secure way. These tools and services hardly exist: they have to be invented.
New issues to be addressed by organizations: how much does it cost, who pays, what are the benefits, what are the risks? On the individual side: how does it work, what's in it for me, how much does it cost me? What if I'm not interested? From the point of view of society, what new risks, how to avoid new abuses of power?
How do you anticipate the breakup?
First, get a head start : experiment early, monitor international experiences; then explore and test from the outset the ways to benefit from sharing personal data with customers: new marketing approaches, improved data quality, new services,... Identify the customer data available to the organization and use it to take them out of their silos (in compliance with the law), measure both their interest for customers, their cost of provision and the associated risks. Partner with the personal data management services ecosystem. Integrate the sharing of personal data as early as the design of new customer relationship management tools. And finally, intervene in professional organizations to encourage other companies to engage in the sharing of personal data.
To fight against disinformation and to favour analyses that decipher the news, join the circle of UP' subscribers.
Identifying opportunities: rebuild trust and loyalty by improving the quality of marketing databases, as customers now have an interest in updating their data, since they use it themselves.
Identifying Threats sharing high-value marketing information without any obvious counterpart, at the risk of benefiting the competition. Then pave the way for new intermediaries who could capture the customer relationship. Reveal its data collection practices to customers who may not understand them. Failing to adapt to new practices of better informed and empowered consumers. Taking technical and legal risks with respect to the security of data transmitted to customers.
Conditions for success
Playing a leading role in mobilizing around the sharing of personal data means communicating about the issues, mobilizing businesses and consumer associations, setting an example by giving back their personal data to citizens, acting at the European level to put the project on the agenda. But it also means organising forward-looking and collective work to anticipate risks in terms of privacy, abuse of weakness, competition, etc. And finally, it means supporting the emergence of the personal data management services sector.
In order to ensure effective and democratic governance of data protection, the CNIL therefore wants a participatory system, based on in-depth cooperation between competent authorities. In a context of strong international competition, the world is looking to Europe and its ability to modernize its model while effectively reaffirming privacy as a fundamental right, conditioning the exercise of other freedoms such as freedom of expression, assembly or to come and go anonymously.
(Source: Issue Paper - Digital Issues / Fing)