A leaked European Commission document proposing changes to data protection across Europe will require B2B customers to ‘opt-in’ and actively request all future direct marketing contact.
This will apply to mail shots, email blasts and telemarketing. OK, the document is not the finished legislation, but take a look at some of the proposals:
- An ‘opt-in’ only regime for all forms of direct marketing – the Regulation would prohibit any use of personal data for commercial direct marketing purposes without consent. Both B2B and B2C. Current legislation is geared towards ‘opt-out’.
- The introduction of a new ‘right to be forgotten’ – which means individuals can request their data is deleted and not even used for the purpose of suppression. The provision is not limited to online services – it would apply to all businesses.
- Additional requirements for a valid consent – the Regulation would not only require businesses to request consent, but it would also increase the burden to gain and document such consent.
- A requirement to obtain consumer consent again for a change in use of data formerly collected for different purposes.
- An emphasis on greater transparency by means of additional obligations, such as requirements to:
- Limits on profiling – the Regulation would limit any type of profiling of individuals with significant effect for the individual. In many cases, the individual’s consent would be required to carry out such profiling. This would limit the ability to use scoring or measurement tools.
- International data transfer limitations – Greater limitations on data transfers outside the EU will make it more difficult for companies to operate globally and to use services providers outside the EU. The increased level of protection under the Regulation could make it difficult to provide adequate safeguards.
- The new legislation will take the form of a Regulation, rather than a Directive – this means the legislation will take immediate effect across all 27 Member States.
- a) designate a privacy officer
b) implement data protection ‘by design’ and ‘by default’
c) notify the authorities and subjects of data breaches, and carry out impact assessments
These revisions have been several years in the making, and our best guess for implementation is 2014. But that does not mean we can relax, the ‘opt-in’ lobby at the European Parliament is growing and it’s wise to work on the basis that this Regulation may be approved.
January 28 is the day Europe celebrates ‘Data Protection Day’ (no, we are not joking). It seems like a good time to write to your MEP and express any concerns you have about this legislation. Not sure of the name of your MEP? Just go to WriteToThem.com.
The draft text of the European Union’s new Data Protection Regulation was published on Wednesday 25 January, 2012. This is the start of a long process during which the draft Regulation will be debated in the European Parliament and by the Council of Ministers. The current Data Protection Act will continue to remain in force until the new Regulation is passed (which could take up to four years).
The draft did not go as far as heralding a comprehensive ‘opt-in’ only regime – but it came close. While companies wouldn’t necessarily have to get people to tick an opt-in box, they won’t be able to take for granted that they have consented to receiving marketing information.
The draft Regulation also classes IP addresses as personal data. This would result in web analytics no longer being available to companies. It also recommends giving individuals the right to request companies delete any information they hold on them. This has been designed specifically to enable people to delete their social media accounts.
Follow Us!