Data protection - consumer safeguard or e-commerce gag?

The new EU ruling on data protection, due to come into force in the UK early next year, aims to protect the consumer. But large corporations -- particularly those involved in e-commerce -- may end up paying the price.

Essentially, the ruling will make it illegal to export data to a destination where it cannot be given the same level of protection it is afforded in Europe. As the US has made it clear it does not intend to legislate on the matter -- preferring to leave it up to the Internet to set up its own codes of practice -- this could strangle e-commerce in its infancy, according to some analysts. Dataquest analyst Ken Fraser said the law will have a direct effect on US e-commerce operators wishing to set up in Europe and vice versa. Interestingly, Canada could become the winner: the data protection law in Quebec does conform to EU standards.

"The law will prove an impediment to certain kinds of Internet activity," said Fraser. "For example, a Web site running a book shop may capture orders in Europe and transmit it to America. By doing so they will be in breach of the law. It will be up to operators to find ways to satisfy legislation or get round it."

Phil Dwyer, analyst with Jupiter Communications goes one step further. He believes the legislation will ultimately revolutionize ownership of data -- but not in the way the law intended. "The law rests on the conceit that consumers own their own data," he said. "This is wrong. At the moment it is companies that own our data and keep it stored." He sees this as an antiquated system that has no use to consumer or company. Dwyer added: "Data is dynamic but once it is collected it ceases to be so." He predicted a day when data collection will become redundant. Although he doesn't believe legislation is the answer, the confusion that will ensue could act as the unwitting catalyst to change. "Since it seems unlikely anyone will come to an agreement, the Web itself may need to take a stand," he said.

Dwyer believes the Web's 'unique culture of democratization' puts it in the ideal position to shift ownership of data back to the individual. "Web users are well prepared for the notion that they can and should own the data about themselves, and share it with corporations when and if they want to. In this regime, Web enterprises would not export data -- they would access it," he said. With the co-operation of the two browser kings -- Netscape and Microsoft -- the process would be a simple one of installing a piece of software into the browser. Dwyer envisages a kind of "data shadow" following users as they browse the Net. "They might have, say, ten levels of data from the most basic facts about gender to a detailed buying record. Depending on which site users are on, they could decide the level of data they wanted to give," Dwyer explained.

It seems that many of the movers and shakers in the industry are in agreement with him. Players such as Netscape, Microsoft, Verisign and profiling systems company FireFly Network are all working on an open profiling standard which they hope will eventually be implemented globally. The initiative has been motivated by three guiding principles -- to offer informed consent before an individual hands over information, to ensure that any exchange brings value to the end user and finally, to ensure that information should be controlled at source by either an individual or a corporation.

If such a system is adopted, disseminating information on the Web will become a whole lot easier and, perhaps most importantly, it will offer users greater security. With consumer data protection at the top of the EU's agenda, this has to be a priority if the Internet is to mature into a thriving global marketplace.