European Union is in the process of passing a set of stringent and punitive regulations to protect user data privacy laws in Europe. These laws will provide regulatory authorities with powers to levy heavy fines on companies which fail to abide them.
A brief summary of few of the proposed regulations are mentioned below:
- A single Regulatory authority is intended to be set up for the whole European Union. This will save time, effort and money for companies who had to earlier tackle with multiple authorities across the European Union. The decision to bring all the European countries under one umbrella with one set of data privacy laws in Europe is a positive step which will save them the difficulty of dealing with multiple authorities. EU claims that there will be a saving of about 2.3 billion dollars by the creation of this single supervisory authority for Europe.
- The new rules and regulations are applicable to non-European companies also, if they want to do business in Europe.
- As per the set of new data privacy laws in Europe, onus is on the company to publicly declare serious data breaches if any, which means they can’t wrap it under the carpet. Severe punitive measures will be taken against the defaulters.
- There is a provision of “right to be forgotten” in the new data privacy laws in Europe, wherein a company has to delete all the personal information of a user when the user ceases his relation with the company. This data cannot be used by the company or any other marketer to track the user later.
- A hefty fine of 4% of global turnover is proposed to be imposed on a company who fail to comply with the new data privacy laws in Europe. If you consider an example like say of Apple which had a 234 billion revenue generation in 2015, hypothetically it means that about 10 billion can be fined from it for non-compliance of the new laws, which is a staggering amount to consider.
- Digital “age of consent” which is 13 now is being raised to 16 – which will be a big blow to companies like Snapchat as it has a big chunk of its database in the age group below 16. It is learnt that Google, Twitter and Facebook had lobbied against this proposal to the last minute. It was subsequently decided to leave the decision to the member states to determine the cut-off age for consent as deemed appropriate by them.
- It is being made mandatory for large companies to appoint a data protection officer as per the new data privacy laws in Europe. The new data privacy laws in Europe is also applicable to companies dealing with data processing as their core business activity. This will perceivably raise the bar of accountability level of companies.
One other concern in the marketing industry about these new set of data privacy laws in Europe is about the imposing of prior and explicit consent from a user before targeting him with ads.
Now, it is very difficult to gain prior consent from users for advertising purposes. While an opt-in consent can be extracted from a user to gain his consent – this is effectively possible only for big shot platforms like Google and Facebook – where users are the ones who need these platforms. But in case of smaller companies, chances of getting an opt-in consent from a user is remote, thus making it difficult for them to target ads to such customers. Effectively, this scenario will provide more power to platforms like Google and Facebook to exert their might in the marketing industry in future.
Digital marketing industry will be severely affected if these proposals are ratified by the lawmakers. It is assumed that it will take about 2 years for these laws to come into effect. To some extent the industry itself is responsible for this situation – as aggressive and uncontrolled targeted marketing has been on a steep rise and many users were concerned about their privacy and existing laws concerning the handling of private data are more about protecting the rights of business than the rights of the individual.