The digital economy, the technology supporting it and the data fuelling it are growing at an exponential pace (some even talk of a Moore’s Law equivalent in respect of data).
We see digital solutions now permeate all aspects of our life, from the ability to make mobile payments, to relying on real-time traffic apps to increase the efficiency of travel.
What is less immediately obvious is that, as the digital universe expands, the data at its core is equally becoming more multifaceted and its role in the global economy increasingly central. This unprecedented expansion in turn means that changes are required in the way we regard and regulate who is responsible for data, and how it should be controlled, transferred, processed and shared. Failure to clearly identify how the increasing use of data fits in – and sometimes clashes – with existing traditional regulatory structures, and compensating accordingly, means a lost opportunity to optimise the value of data and its role in the new digital economy.
Current regulation, for example, does not account for the different way in which content is managed in the digital environment. The EU has proposed a new Copyright Directive that would introduce an obligation on technology companies to ensure copyright-protected material posted on their platforms has been appropriately licensed. Until now, content platforms have often disclaimed their responsibility in respect of content posted on the platforms without the appropriate permissions, by claiming that they are merely reporting, not publishing it. There is, however, significant value in ensuring that copyright owners can control the distribution of their content in the digital economy, and, with appropriate checks and balances in place, the potential for censorship of such an obligation to monitor for copyright infringement can be controlled.
Encouraging the free flow of data across borders is key to stimulating international trade, as data, the so-called “new oil”, becomes an increasingly valuable currency across multiple sectors. Unfortunately, the goal of unimpeded flows of data across borders sometimes seems incompatible with the restrictions on the free flow of data imposed by privacy governance regimes across the world, in the interest of protecting individuals’ right to privacy– or, sometimes, of facilitating the monitoring of a country’s citizens. But international data governance must begin to account for the reality that free flows of data are fundamental to the growth of the digital economy.
The EU’s General Data Protection Regulation (GDPR) is the first leader in this respect. The GDPR can be compatible with facilitating cross-border data flows if it is accompanied by very clearly articulated principles for such transfers and proper safeguards for privacy. The EU has begun to position the GDPR, its data governance standard, at the centre of this debate, including by recently concluding successful talks with Japan – by mutually recognising the equivalency of each other’s privacy systems, this agreement is creating the world’s largest area of free data flows.
Finally, companies in any industry that extracts commercial and other valuable insight from data are no longer able to get around privacy law restrictions by simply anonymising the data they use, as these data sets are becoming increasingly complex. Privacy researchers have repeatedly shown that it is no longer possible to fully anonymise unit record level data – data relating to individuals – no matter how stripped down that data is.[i]Getting around privacy laws by using only “anonymised data” is becoming an increasingly limited tool, as the degree to which increasingly complex data sets would need to be anonymised today to truly prevent the identification of specific individuals (if even possible, as highlighted above) would be so high that the resulting anonymised data sets would be of limited value. New techniques and legal constructs must now be devised to ensure we continue to be able to extract valuable insight from available data, while continuing to protect individuals’ right to privacy.
The digital economy is exponentially expanding into all aspects of industry and daily life, and data is the new oil – the fuel and the currency of this expansion. Keeping up with and capitalising on this growth will not be possible without the growing pains of adjusting regulation to account for this expansion. This must start with shifting relevant responsibility onto companies to manage at least some aspects of the data and digital content, aligning how we protect personal data with the need to stimulate commerce by ensuring the free flow of data more generally, and adapting the techniques used to control and protect data to protect individuals’ privacy while still being able to use data sets for commercial, research and other value-add purposes.
Oana Dolea, GDPR Practice Lead and Akber Datoo, Managing Partner, D2 Legal Technology
[i]The Guardian, July 13, 2018, ‘Data is a fingerprint’: why you aren’t as anonymous as you think online, by Olivia Solon, available online: https://amp-theguardian-com.cdn.ampproject.org/c/s/amp.theguardian.com/world/2018/jul/13/anonymous-browsing-data-medical-records-identity-privacy