The Canadian Marketing Association released a research/position paper this week. It’s essentially a warning to lawmakers in Canada to be thoughtful when they finally embark on modernizing our privacy laws.
The gist of the paper is that we should learn from some of the negative effects of the approach taken by the European Union. I’m not as sure as the CMA about whether most EU citizens like or dislike the General Data Protection Regulation, but I do agree that the law has added complexity, cost, time and effort to allow for innovation to advance. I mean, who wants to be swamped by cookie banners all day long and how much do they really help?
The CMA paper provides some advice: Don’t turn our privacy regime into one that creates too many barriers — especially for smaller businesses — to doing good things with data.
And for me, that’s the key. Doing good things with data should be encouraged, while doing bad things with data should be made illegal.
I question whether the debate about if our new laws should be grounded in human rights versus regular rights is all that helpful. What I hope for, at the end of the day, is a regime where organizations are encouraged to use data, including personal information, for good or ethical causes — those things that make life better for the consumer, patient, citizen AND the organization processing it at the same time.
In our current model, where consent plays such a crucial role, we’ve seen too often that organizations can’t get around to doing good things with data, including more informed and data-driven decision-making. At the same time, consent can sometimes be the scapegoat that allows for unethical data use. Sure, we also have the “reasonableness” standard baked in (of which I’m a fan), but this alone has proven that it can’t be the only thing standing between the right thing and the wrong thing. We need more.
And, I guess I’m playing all my cards here, I would echo the CMA’s comments that a GDPR approach is not warranted in Canada regardless of the threat to our “adequacy.” (I really hate cookie banners.) What’s needed is a made-in-Canada approach that puts data ethics at the forefront of everything organizations can or want to do.