[ad_1]
CNIL, the French authority in charge of the protection of privacy, criticized Google with a headline claiming a fine of 50 million euros for an exhaustive list of alleged violations of GDPR laws and French on the protection of privacy, namely:
… The select committee notes that the information provided by GOOGLE is not easily accessible to users … In addition, the select committee observes that some information is not always clear or complete …
GOOGLE declares that it has obtained permission from the user to process data for the purposes of ad customization. However, the select committee considers that consent is not validly obtained for two reasons.
Firstly, the select committee observes that the consent of the users is not sufficiently informed … Next, the select committee observes that the consent obtained is neither "specific" nor "unambiguous".
Despite the measures put in place by GOOGLE (documentation and configuration tools), the infringements found deprive users of essential guarantees regarding treatments that may reveal important aspects of their private life, since they rely on an enormous amount of information. data on a wide variety of services. and possible combinations almost unlimited. The select committee recalls that the scale of the treatments in question requires users to be able to check their data and thus to inform them sufficiently and to allow them to validly give their consent.
In addition, the violations are ongoing violations of the Regulation as they are still being observed. This is not a single, time-limited offense.
Not so fast
This decision is causing problems, but as of the date of this story, Google has not yet announced publicly whether it would appeal the decision or not. Here are some questions that immediately come to mind.
- One of the most obvious problems is that the fine seems arbitrary and could fall outside the RGPD since the CNIL had to take the case in the absence of Ireland (where Google has its European headquarters) n & # 39; She was not legally entitled to take it.
- Another problem is the way in which the complaint was handled, in that by transferring the seat of the court in France, it clearly shows that, even if the GDPR is an EU directive, the United States nations may not have domestic legislation aligned with the requirements of the Regulation.
- Some colleagues believe that any attempt to force lawyers to understand the nature and manner in which data are handled presents great difficulties. This is a new area of law, but if past decisions are an indicator, it would not surprise me if the CNIL's understanding of Google's practices is incomplete.
- Another problem is what the CNIL discovered. In discussing the role of the links to other parts of the terms and conditions, I recalled Brian Sommer's overlapping contractual relationships, which can be changed and which, in turn, change the terms, often with an implicit financial penalty. My point is that the CNIL is right to point out the complexity of the current arrangements, but misses the important point about the value of links when looking at a set of terms.
Google could solve many of its self-inflicted problems by rearranging the conditions under which it offers services, so that the user has a direct path to which he can navigate. This can work the same way I can enable or disable services and service permissions on my iPhone.
Right now, we hear the usual comforts of the press that Google takes the GDPR seriously. I'm sure that's the case. When it is in his interest to do so
But there is another set of arguments that brings the issue of privacy and consent as envisioned by the RGPD to a totally different place.
Monetize our data?
In this week's Exponential View restricted section, Azeem Azhar outlined his arguments about how monetizing personal data is a difficult task. His point of departure was an article by Will.i.am who had written this in The Economist; We must own our data as a human right and be compensated for it. This is not a new idea and several companies are trying it out in different ways and at different stages of market preparation. Examples include Datacoup, Datawallet, People.io that use blockchain technology.
But as Azhar points out, data is not a physical good that you can own and on which you have a direct agency. Azhar cites other reasons, including the fact that data extracts alone are of little value to the individual, but when they are collected and badyzed to create models, they acquire significant value that can be exchanged or used to provide additional services to the data sender.
This was an argument I used early in SaaS accounting when I argued that the data collected by SaaS vendors had virtually no value at the individual level, but that they had tremendous value on both sides of the market, taken globally and over time. What is interesting here is that few programs initiated by SaaS to take advantage of these data. The closest approach I've seen is the acquisition of FreeAgent by RBS last year. What has happened since is not known, but one of the reasons is the need to have access to data collected by FreeAgent.
Azhar goes on to remind us that data can influence our behavior and preferences and at more frequent intervals today.
… In a sense, our data contains a core seed of our agency, to protect or manage.
And
Finally, the market is not the best policy arbiter in all situations. Markets may fail. Markets are bad stewards of shared resources. They may not work properly in case of asymmetric information or in transactions where many gains occur at a particular time. Experienced organizations find it difficult (if not impossible) to value a given set of data. It is unlikely that an individual can do it.
It is a problem for sure, but it is not a problem that I consider insurmountable.
When viewed from a market perspective, the data take on characteristics that seem to me similar to those of copyright. When I write something, I initially own the copyright on these works (which are just data with a different name.) However, I can monetize those words / data in exchange for any other reason. a fee. In doing so, I give up some rights to whoever buys those words. Various options are available to me, including restricted or full rights.
At diginomica, we operate under a special license that allows third parties to use some of our words / data, but specifically, at no cost, provided certain conditions are met. When a company wants to get full republication rights, we would need fees, although I do not know under what circumstances this could happen without downstream consequences for issues such as SEO. I can envision circumstances in which words / data are remixed or reused, opening up new opportunities for monetization. Can not we say the same or similar personal data that is mixed and remixed for various purposes? This is the crux of Will.i.am's argument.
An alternative view
In the alternative, and recognizing the "kaleidoscopic" nature of the data, Azhar proposes that all interested parties be guided by:
nuanced notions of respect, stewardship, rights and collective benefits that can then guide our regulations, policies and strategies.
Well yes. It would be good. But given the market power and influence of companies like Google, Facebook, Netflix, Verizon and many others, is it even conceivable that policymakers and activists will be able to get the best out of it? left?
There is a scenario in which I can see a compromise with the potential to advance the ball. This week, Stuart Lauchlan reported that at Davos, Eileen Donahoe, director of Stanford University's Global Digital Policy Incubator, was equally brilliant:
We have witnessed an erosion of public confidence that they will be the beneficiaries of digital technology. I would also like to highlight the erosion of trust between governments, especially those with a democratic vocation, that they can deliver on their promises and obligations to simultaneously protect the freedom and rights of citizens, national security and the democratic process while advancing economic growth …
… People are not convinced that they will participate in economic increases and that benefits and growth are becoming less and less in the hands …
… Everyone understood that the digitization of society has enormous consequences for society. Finally, people understand that privacy is important for the exercise of freedom. The idea is simple: if everything you do and say is monitored and monitored by governments and private sector companies, it will have a deterrent effect on what you feel free to say and where you feel free d & # 39; to go.
If you combine these statements, you can begin to understand how, by combining confidentiality and economy, you get the start of a framework that could work. However, it will take the collective will of politicians, technology providers, academics and other interested parties to succeed in this task.
Last thoughts
Given the potential obstacles and obstacles on the way, I imagine we will talk about it for a long time. But given the degree of breakdown in the relationship of trust between sellers and consumers, is trust enough incentive for sellers to go back and think about what they can do?
We are just beginning to see how the GDPR is going away and we know that many complaints are waiting to be resolved. Will the results of these decisions also serve as incentives?
Endote – I highly recommend taking paid memebership from Exponential View. The story that partially inspired it includes valuable links to related content that discuss the economics of data and its value.
Image credit – via public images
Source link
