Data protection proposals are too onerous, says advertising industry

Laura Slattery

Proposed amendments to draft European data protection regulations will "wreak havoc" for digital companies in Europe, Irish online firms have claimed.

Digital advertising trade association IAB Ireland said a proposal requiring companies to obtain the explicit consent of consumers before processing data from their site visits was unworkable and would potentially push users through a registration process.

Distilled Media, the owner of sites including Daft.ie and The Journal.ie, said the draft regulation would make “large parts of the web disappear behind login walls” that most internet users simply turn away from.

"We need to measure what people are doing on our websites, in much the same way that a supermarket needs to know the inventory on its shelves," said Distilled Media chief executive Eamonn Fallon. "If we can't do that, we can't sell advertising, therefore we have no business."

Irish MEP Sean Kelly, who drafted the European Parliament industry committee's opinion on the regulation, said the requirement for explicit consent before any "profiling" of the user takes place would force consumers to hand over more personal information, contrary to the spirit of the regulation.

The proposal, which was made by the civil liberties committee, would favour Google and other large players at the expense of smaller European companies less able to cope with a regulatory burden, Mr Kelly added.

“Some of those who position themselves as defenders of consumer rights say we have got to nail Google, we have got nail Yahoo, and so forth, and this is the way to do it. Well in actual fact, no matter what regulations we bring in, those big American companies might not like it, but they’ll adapt to it,” he said.

The draft regulation extends the definition of “personal data” to include data such as cookies and IP addresses not linked to registrations.

Some members of the European Parliament have suggested that explicit consent should not apply to “pseudonymous data”, or information on the web behaviour of a user who is not identified by name.

This has been welcomed by IAB Ireland. Suzanne McElligott, the trade association’s chief executive, said it was critical this proposal was included in the regulation. “Otherwise the internet is going to be broken.”

However, concerns remain in Europe that the concept could be a Trojan horse for a weakening of data protection regulation, while digital rights advocates say pseudonymous data is not truly anonymous.

More than 3,000 amendments have been put forward on the regulation and the European Parliament now intends to whittle these down to just a couple of hundred “compromise amendments”.

After an 18-month lobbying and drafting process, talks have stalled between the various political factions in Europe on a number of “red line” issues, including the explicit consent proposal. The impasse is likely to delay the passing of the regulation until “at least 2014”, Mr Kelly said.

The Fine Gael MEP said the fallout from the Prism intelligence-gathering affair would likely contribute to a delay. "It isn't helped certainly by the Prism revelations because that all adds to the hype that people's data will subject to all sorts of invasions."

Mr Kelly said he had met the US ambassador to the EU, William Kennard, this week about US authorities' use of data originating from outside their jurisdiction. "It is embarrassing for them," the MEP said.

John Patten, director of Irish advertising network Digitize, said there was "a lot of unnecessary fear being stoked up" and "a huge amount of misinformation" about companies' ability to exploit users' personal data. Mr Patten said the regulation would "wreak havoc" for online businesses in Europe if it went through in its current form.