Data has been described by some analysts as the new oil, capable of offering investors a lucrative, profitable return on their investment. Is this true? Can data really be worth as much as crude?

Traditional advertising has always been a profitable exercise but when has it ever been compared to black gold? Never. Targeted advertising is the game-changer.

Internet Free.dom

Those who first conquered the unused prairies and vast open savannahs of the electronic globe in the late 1990’s early 2000’s spoke in grandiose terms of  the internet’s future. The new electronic Utopia, they argued (and still do), should be a free open space where ideas, thoughts and knowledge are exchanged in the open – free from government shackles or demeaning commercial transactions.

Zuckerberg – a somewhat nerdy, one-time Harvard undergraduate – is a spawn of this philosophy.  Open access. Free use. Unrestricted content. His philosophy and service destroyed and crushed companies who were pertinent enough to charge a fee such as Friends Reunited. Time and again Z. has vowed to keep FB free of charge.  So far he has managed to stick to that pledge. But for how long?

The question is, when Z. developed FB in his student digs in 2005 did he really believe that his baby was going to be “free” forever or did he just ride the million dollar investment wave that carried him to Palo Alto and worry about how to pay investors back at a later date?

Zuckerberg’s baby was born into an internet that was free – both in spirit and in fact – but like any baby, to survive it needs nourishment as well as attention.

Investors care not a dot about ideology. They care about getting a return on their investment. Having spoon-fed and nourished FB into adult-hood it is time for FB to go out and earn a living. The time has come for Z to worry about how to pay investors back.

Paying for privacy

Privacy and written communication has always come at a price.

Sending sealed envelopes used to cost more than sending unsealed envelopes. Registered post costs more than sending a sealed envelope – but privacy and delivery are guaranteed.

With the advent of FB, Google, You Tube, Instagram etc., the traditional model in which a service (privacy and delivery) is provided in return for a monetary fee sounds almost quaint. In fact any service is often provided without charge:  On-line search engine use – free. World news – free. Tabloid trash – free. Route guidance – free. Photo-enhancement technology – free. Blogs – free.  Holiday bookings – free.

What users save in a charge they pay for by offering their personal data as payment. Why else would Google buy Waze for $ 1.3 billion or FB  Instagram for $ 1 billion? Because, as Forbes states with greater eloquence than EU Perspectives ever could: “This data is WORTH S***LOADS!”

It is not something the likes of Google, Facebook or Twitter exactly shout from the roof-tops.  Peddling in people’s personal data is a bit of a sensitive issue – akin to a “dirty little secret” that shouldn’t be discussed out in the open too often. The irony is that they started out as champions of “freedom” and are now champions of fudging how they pay for the whole shebang.

The reality is that companies who offer their services for “free” harvest users personal on-line data for commercial use instead. The result is that these  companies are akin to an invisible global psychoanalyst – an omnipresent on-line guru observing 250 million EU users 24/7. This on-line guru probably knows more about the realyou than you yourself do. More possibly even than your nearest and dearest.

The process of personal profiling begins the moment we turn our computer, tablet or smartphone on. With such technology on-line companies can chart users habits, health concerns, medical history, political preferences, sexual orientation, children’s activities, children’s hobbies, who we call and where, at what hour – our next holiday destination, our daily commute to work…

The assertion, therefore, that data are the new oil has a lot of merit to it.

The EU and privacy

The EU takes the privacy of user’s personal data very seriously. More so than in the United States where Silicon Valley has made a concerted effort to keep regulators at arms bay citing the internet as the last “free” frontier. The Americans just don’t “do” regulation in the same way that  Europeans do.

There appears to be a political consensus in the US, steeped in the legend of the wild west, that an anarchic world free of red-tape is somehow preferable to an over-regulated stifling society.  Thus far, Silicon Valley’s ambitions to sell user data has had a relatively easy-ride in the US.

Not so Europe. Many Europeans do not consider their personal on-line data a commercial commodity to be sold for the benefit of investors and share-holders. European consumers entrust their data to a service provider as a two-way contract and get concerned if that data are then passed on to a third party without the user knowing in whose hands their data now reside and for what purposes it will be used.

The on-line EU economy

The European Union, aware of the economic benefits that on-line commercial activities provide is not data averse. Quite the reverse. A healthy on-line economy is good for the EU as a whole – particularly in light of the current deep-rooted economic recession. The EU logic is that for the on-line economy to take root consumers need to be able to trust that their private data will remain just that: private.

The current rules on protecting personal on-line data were framed in a previous era – in the early 1990’s well before the creation of Facebook, Twitter, LinkedIn, You Tube or any other social media site – and well before Google or Yahoo morphed into the companies they are today. How EU law protects our personal on-line data is woefully out of date.

Bearing in mind the importance of the internet to Europe’s economy as a whole, the current reform package seeks to create a single, clear and uniformly applicable legal framework that will ease administrative costs and is expected to save industry around €2.3 billion a year.

As well as streamlining administrative requirements, the proposals seek to tilt the balance of control over personal data away from industry and back into the hands of individual users.  In the Commission’s own words:

The proposed changes will give you more control over your personal data, make it easier to access, and improve the quality of information you get about what happens to your data once you decide to share it. These proposals are designed to make sure that your personal information is protected – no matter where it is sent or stored – even outside the EU, as may often be the case on the Internet.

The measures proposed include, inter alia, a ‘right to be forgotten’. In other words permanently deleting all personal data from e-mails or social networking sites. Industry does not like this. It chips away at their lucrative data archive.

Privacy by default is another key change to the current legislative landscape – in other words industry must assume users want to keep their information private (and not for sale) unless they specifically consent to waive their privacy. This must be clearly spelt out in easy to understand language.

Companies such as Facebook, however, have been very adept at obfuscating the terms of privacy and changing the privacy default settings from “private” to “public” with many user’s only aware of the changes thanks to “word of mouth” rather than any concerted effort on the part of Facebook to set out how the terms of the agreement had been altered.

Other companies bury the privacy consent agreement in the minutiae of a fifteen page “terms and conditions” contract – or refuse to provide a service unless the user agrees to share their data with third parties.

Viviane Reding, the European Commissioner for Justice, who is spear-heading the reform of on-line data protection in the European Commission is aware that what ever the EU decides in the coming year on data protection is likely to set a global standard. So does industry and civil rights groups.

Why?

The EU is a sizeable, profitable and sophisticated market – larger even than the US market.  Being a sizeable, profitable and sophisticated market, the big on-line commercial operators want access on their terms.

The one obstacle: the pesky European regulators.

Commissioner Reding means business though. Writing in The International Herald Tribune, she spelt out the EU’s objectives in no uncertain terms: “If you want to play in our backyard, you have to play by our rules.”

The data reform package envisages penalties for serious breaches of the rules (such as processing sensitive data without an individual’s consent or without any legal grounds) of up to €1 million or up to 2% of the global annual turnover of a company. The fines would start out at €250,000 or up to 0.5% of turnover for less serious offences, such as a company charging a fee to comply with a request from a user for his or her data.

This is a very significant change to the current regulation. Extending competition-style penalties to breaches of EU privacy laws will, without a shadow of a doubt, make the big American companies learn how to play “EU” ball – unless, of course, they can ensure that the eventual European rules are framed in a way favourable to their commercial interests.

Never has there been such a frenzied lobbying campaign in Brussels as there currently is over the future shape and lay-out of Europe’s personal on-line data regime. Billions, not just millions, are at stake.  The PRISM revelations may just have shifted the ball back into Viviane Reding’s court.