In order to keep up with new technologies and addressing consumer concerns over privacy the 1995 European Data Protection Directive, which was implemented in UK in the 1998 Data Protection Act is in the process of being updated. This can be a good thing because aside from anything else it aims to reduce the red tape, and add more consistency across Europe. However, the draft proposals are missing the mark and not going to meet the objectives unless some additions and changes are made.
The definition of “personal data” is one example of this; it is proposed to be extended so it could cover some IP addresses and cookies;
“a natural person who can be identified, directly or indirectly by means likely to be used by the Data Controller……in particular by reference to an identification number, location data, online identifier…”
The definition makes no distinction between personal data which is not directly identifiable, such as an IP address identifying a device not a person and data which is, e.g. name and address. Furthermore an IP address only identifies a device not a person. This change would make profiling and web analytics much more difficult, if not impossible. This would change the whole way the internet and email marketing works. The easy user experiences and communications users are currently used to from talented marketers would be replaced with either nothing or un-targeted information, a backward step which will not benefit users or business. The updated European data protection legislative framework need to allow the commercial developments to continue, which will allow business to grow and users to have positive relevant information sent to them.
It is imperative that the definition of personal data is revised otherwise the online economy may be severely damaged.