Countries used to go to war over oil, and may do again. Today, it seems like countries will go to war over data – at least with tech companies, not each other. After all, data is the new oil (although its value may be going the same way).
For a long time, we were in thrall of the big tech companies, blinded by the new toys, services and worlds they opened up for us. Unknowingly, we clicked the magic button and entered nirvana, blissfully ignorant of what we had just agreed to.
Those Terms & Conditions were just too long to read, right? And no one else seemed to care either, did they? What harm could there possibly be? Actually, we had just agreed to give up any rights to what we thought was our data, and said, “Yes, you can use our data to make you money.”
Now, it seems the worm is turning. We have become aware that our data is being used to profile us, and those ads we used to click now come back to haunt us with similar products being pushed our way long after we bought the product or lost interest altogether.
Customers are now blocking adverts in the hundreds of millions. Government funded research is looking at how customers can regain control of their data. Tech companies are going to court over the rights of their customers to be informed when governments ask for their data.
And the European Parliament, after fours years of paying consultants and civil servants far too much, has “adopted a historic reform of EU data protection legislation”.
Supposedly in two years’ time, the new General Data Protection Regulation will “enable people to regain control of their personal data in the digital age”. This means “having clearer and more understandable information on how our personal data is processed.” Even better, “we will also have the right to know when our data has been hacked and we will be able to transfer personal data between service providers thanks to a new right to data portability.”
So, that’s OK then.
Forgive our natural cynicism, but ignore the polished nature of the announcement and ask yourself whether there is the slightest chance that 28 individual data protection bodies will: a) comply; and b) quietly hand over their power to the notoriously inefficient, bureaucratic and allegedly corrupt bunch who sit in Brussels.
But at least the sentiment is right, and it will be nice to be proven wrong.
What will happen in the next two years will be fascinating. Think for a start of the tech companies that are already turning from poacher to gamekeeper. Put another way, they are transforming from companies that mercilessly used our data for profit to companies that publicly protect our data against all comers, even governments. Already Microsoft is heading to court to fight the US government over whether they should be allowed to tell their customers that the FBI or whoever has requested their data.
Then there’s the fact that governments in different regions will establish different policies, standards and controls to protect privacy that may go too far or not far enough. Which raises the (hopefully) obvious question: what happens when your data goes from one jurisdiction to another?
And what will happen in the two years before the new EU data protection law comes into effect (assuming it actually does)? A lot of lawyers will get very rich. The tech vs government battle will heat up dramatically. The landscape will change to such a degree that the EU may end up paying consultants and civil servants far too much to come up with something more relevant.
What might also happen is that we get control of our data. That would be nice, and it would give the customer the power of negotiation with service providers.