As the internet becomes omnipresent in our lives, individual privacy is emerging as a major social issue. These concerns are compounded by the fact that the majority of personal digital data is controlled by a handful of tech giants. This stranglehold on the digital world has created significant unease around the globe.
Current legislation has simply not kept up with the changing dynamic of the Internet and works to the benefit of these tech superpowers. With the implementation of the General Data Protection Regulation (GDPR), we will finally have a modern data protection tool. The purpose of this regulation is to harmonize rules throughout Europe and give regulators clarity and more power to impose penalties, with maximum fines rising to 4% of a company’s annual global turnover. These rules apply to all companies collecting personal data whether they are located inside or outside of the European Union, and could, if successfully implemented, lead the way for similar regulation around the world.
In general, giving consumers the freedom to decide how their personal data is used is a good thing. However, sometimes well-meaning regulatory initiatives can end up creating unintended effects that are far from the initial objectives. To illustrate the point, let’s take a look at the digital advertising sector. The debate is often presented as a tradeoff between privacy protection and a thriving digital economy. This is a false choice and as framed becomes a losing proposition for both consumers and the internet ecosystem.
The key challenge lies in how to obtain users’ consent to use his or her data. For example, for browsing data, the approach until now has been to require every website to obtain the user’s consent for the data collected on its site. This approach seems to make sense, but there are two negative consequences.
The first is that it significantly degrades the user browsing experience. Each time a user visits a new site, they have to interact with a distracting banner asking for their consent to data collection. The second consequence is that this approach largely favors tech behemoths at the expense of small businesses and publishers. A service that you use every day will automatically recognize you and will, therefore, need to ask for your consent only once. On the other hand, a small blog that you visit only a few times a year is required to ask for your consent every time you visit. The impact of this bias is that a handful of domains dominate in terms of both traffic and the massive volumes of consumer data they are able to collect.
How do we solve this problem of user consent?
A fair and effective path to addressing this issue would be to give internet users the ability to opt for portable consent when it comes to personalized advertising. Collected on one domain, this “consent portability” could then be transferred from one site to another. Rather than requiring users to click on a banner each time they visit a new site, they could make a choice which then applies to every website they visit. They can either accept the principle of personalized advertising or reject it, with the option to change their mind at any time, of course. And if they accept it, the permission is granted within the framework that GDPR requires of businesses, with clear rules and principles. If they reject it, all websites, both big and small, would have to respect this decision, preventing some from using their dominant position to force users to their own version of personalized advertising.
Consent portability creates a level playing field for small, independent websites to compete with the giants for audience and revenue. The impact of the status quo is that a few huge platforms are establishing a quasi-monopoly over personalized advertising that threatens the independence and plurality of all Internet media. It’s in the interest of no one. And a clear set of regulations on the use of data will ensure that all sites abide by the same rules, providing peace of mind for consumers on how their data is used.
Who benefits from consent portability? Everyone!
Consumers are right to be concerned about protecting their privacy online and how their personal data is used. So why would they want to provide their consent unilaterally? The answer for the consumer lies in the improvements it provides in online experience and ultimately the fact it gives them control of the use of their data.An even better extension of this concept would be to provide consumers an easily accessible privacy center where they can at any time, and from any device and browser environment, manage their settings. With the ability to provide consent or to opt out once across all sites, platforms and devices, consumers would finally be in control of their data whilst gaining a more seamless online experience. The annoying pop-ups as they move from site to site would be a thing of the past. This instantly becomes a more palatable way to receive targeted advertising.
Consent portability would benefit the entire ecosystem as it offers consumers clear ownership and control of their data usage, while providing businesses with clear rules and an opportunity for fair and healthy competition — which in the end results in better products and services.