The telecom industry has changed considerably in the last decades leading to increases in the amount of personal data collected by telcos and the regulatory requirements surrounding collection and use of personal data. Unfortunately, implementation of these requirements presents a regulatory burden for companies and often falls short of the regulator's intent.

 

The traditional telecom companies offering phone, cable and internet services have been challenged by start-ups offering similar, better and additional services, using new and disruptive technologies.

 

These technologies have led to an exponential increase in the amount and types of data, including personal data, collected by traditional and novel telcos.

 

This data has been used by companies to develop further, improve and customize (telecom) services as well as for targeted advertising and other purposes.

 

While data has become a commodity and many online services transformed into being data driven and customized, regulators responded to the increase in personal data collection and use by companies by enacting various privacy and data protection laws.

 

Privacy laws focus on transparency and individuals' rights as key elements in regulating the use of personal data. Organizations collecting and processing personal data are required to disclose specifics about how they collect and use such data. As a result, privacy policies, intended to provide the user with information about the relevant service’s use of the user’s personal data, often become longer and more complicated rather than more user-friendly. This not only presents a regulatory burden for companies but runs counter to the intent of the regulator.

 

Multinational organizations are required to comply with several privacy laws and, as such, encounter different obligations when it comes to their public-facing privacy policies. Consequently, such organizations often publish multiple privacy policies each disclosing specific information as required under different laws.

 

Moreover, these privacy policies need to be kept up to date to reflect the evolving requirements under the various privacy laws and the organization’s privacy practices.

 

On the other hand, a survey conducted in 2019 by Paw Research Center shows that 91% of Americans do not read online privacy policies, even if these need to be accepted.

 

When people do read a privacy policy, the information communicated in such policy is not always easily understandable. Per the same 2019 Paw Research Center survey, only 8% of adults in the US understand privacy policies well. Accordingly, when a privacy policy is accepted by a user of an online service, such acceptance is more likely to be based on the individual’s wish to use such service rather than on the user’s understanding of the company’s data collection and processing practices.

 

The regulator’s intention to give individuals control over the use of their personal data is an important response to the data driven society we live in today. The need to protect an individual’s privacy right should be balanced against organizations’ ability to continue to develop and improve technologies which could benefit us all.

 

About the Author - Netanella Treistman is a partner at Yigal Arnon & Co. law offices and is experienced in privacy compliance and commercial matters including licensing and technology agreements. Netanella is a Certified Information Privacy Professional Europe and U.S.- private sector.

 

Author:

 

 

 

 

 

 

 

 

 

Adv. Netanella Treistman Email: netanellat@arnon.co.il

Download the full article