As industry debates data protection and data privacy, Ascent asks three experts for their views on whether regulation is hurting consumers
Mark Roberts is an Associate Partner at Atos Consulting and Head of Information Governance Risk and Compliance Practice in the UK
I was at a health expo the other week and witnessed the rise of health-related wearables, each generating masses of sensitive information about our well-being. Yet are we really happy with this? In my view, consumer-owned data offers a way forward. My health record, for example, is mine and mine alone. I should own it and determine who it is shared with. Responsibility for its confidentiality, integrity and availability is then vested in the person who cares about those things the most – me. From this we can develop a standardised way of me giving consent to others to access my personal data. I can see at a glance, on my smartphone perhaps, who I am providing access to and why. The forthcoming General Data Protection Regulation (GDPR) will be another important step in placing power in the hands of consumers. The draft regulation is expected to contain a number of consumer rights, including the right to be forgotten. Every organisation will be forced to ask itself: do you know the full extent of the data you hold on a particular individual? Can you be confident you know exactly where that data is? And can you be certain you can erase it all and prove that it has been erased? The GDPR may encourage consumers to ask more questions about the safeguarding of their data. At the very least, it’s likely to generate interest in the subject and result in potentially awkward questions for some CIOs.
Giovanni Buttarelli heads the European Data Protection Supervisor, an independent authority devoted to protecting personal data and privacy and promoting good practice in EU institutions
Data protection should not be seen as an obstacle to slow down innovation, nor as an open door for increasingly invasive processing of personal information. I believe Big Data challenges can be met without changing the existing safeguards by implementing them in a more innovative way. For example, notices to users should be concise and written in plain language, so it is easy to understand the consequences of the choices we make. Current user agreements are so legalistic that no-one reads them. When you click on ‘I accept’ it is not exactly acceptance, it is simply ‘Come on, I need to get to the office!’ Having solid data protection doesn’t mean reducing access and availability of information, it just needs more innovative thinking. And in managing this, the digital single market and the principles of privacy by default can create job opportunities – a new market for new professions.
Karl Alles is Head of Operational Control for Worldline, an Atos company and European leader in the payments and transactional services industry. Worldline provides data processing services to help financial institutions reduce their exposure to fraud.
The way data protection legislation stands, if a bank wants to use a customer’s data to offer them a new service, such as fraud protection, they have to go back and ask the customer for permission to use their data for that specific purpose. This is clearly limiting for business but it is limiting for customers too. The culture around privacy is changing. Young people don’t have a problem sharing their private information and these are the customers of the future. The collection of data is about selling more of the right things to the right people and, if we get it right, they will find it easier to access the right information at the right time. For example, connected cars will give a more convenient way of travelling – knowing where you are, where things are. This will give a lot more flexibility and comfort in life.