• by Ari Levenfeld , Op-Ed Contributor, February 9, 2017

Most people don’t realize the Internet existed 25 years ago. Today, many people regard Internet access as a fundamental human right.

That’s part of what ideas like net neutrality or even the sharing economy are all about. In the European Union, privacy is also regarded as a fundamental human right. This point of view is not unique, privacy is included in the UN Declaration of Human Rights and other treaties.

Look at the history of the 20th century for examples of what happens when those in power overstepped boundaries, invaded personal privacy and abused their citizens.

To support the idea of privacy as a fundamental human right, the European Commission has drafted two regulations related to data use and privacy that will be enforced across the European Union beginning in the summer of 2018.

It’s unclear whether these new regulations will serve to protect EU citizens’ privacy rights, or merely make it harder for smaller companies to do business in Europe and tilt the playing field toward giant corporations.

The General Data Protection Regulation (GDPR) and the ePrivacy regulation represent a substantial departure from the status quo in the way information may be collected and used in Europe, which is also the same information that’s used to provide free information and services to EU citizens.

According to U.S. News and World Report, the regulations could create a substantial trade barrier and affect U.S. technology companies that provide information or services for EU users.

The results of this change means that many digital publishers, who subsidize their free content and services with advertising, will have to find another way to keep their doors open, or close them because they can’t pay their staff’s salaries.

One Size Does Not Fit All

The GDPR and ePrivacy regulations outline the same rules and permission requirements for many different types of information.

For example, personally identifiable information (PII) that can easily be used to figure out who you are, like your name, your cell phone number or your home address, are treated the same as less personal categories of information commonly used as pseudonyms, and utilized by companies to protect the actual identities of individuals.

These less personal categories of data were created or chosen to obscure people’s actual identities, and to make online information collection more privacy friendly. Examples of this include, pseudonymous IDs, a cookie or an IP address. Placing all types of data into the same bucket with the same set of rules removes the incentive for companies to only look at pseudonymous, more privacy friendly data.

If there’s no benefit to avoid the collection of names, phone numbers or other personally identifiable information, why not collect everything? This is not good for consumer privacy, and runs counter to the incentives that are built into many self regulatory guidelines.

Another Victory For Big Business

The idea that one set of privacy rules apply to all types of information is akin to using the same set of safety rules for building paper clips and airplane engines.

The rules will now require consumers to provide opt-in consent for data to be collected. That opt-in consent that may now be required by the regulations could prove hard to obtain for those companies that provide backbone services to the Internet, but don’t have a direct relationship with consumers to ask for the now required opt-in permission.

These B2B companies were set up to provide service and operationalize sites that have a direct connection with consumers. Since these smaller B2B companies don’t have a direct connection with consumers (by design), they may have no easy way to continue doing business while complying with the law.

As a result, Web sites and services that rely on small companies for revenue may find it difficult to continue to exist. 

Privacy And A Free Internet Can Be Fundamental Rights

While the letter of the law might be written, its interpretation is not.

There is still time to contribute to the interpretation of both regulations through participation in efforts of groups like the IAB EU, and by directly providing feedback.

These are complex laws and their implementation will have potentially huge repercussions for both businesses and EU citizens. Privacy is a fundamental human right, and it shouldn’t require dismantling the free Internet that is fueled by information.