Data protection is an issue the industry ignores at its peril, warns UK intellectual property lawyer Ben Travers
The aggregates industry is no stranger to regulation. From issues surrounding health and safety to sustainability and emissions, it seems that the industry is never far from scrutiny. Yet one aspect of regulation which is overlooked with alarming regularity is the protection of personal data.
Across Europe, legislation is in place to control what, how, why and when businesses process personal data.
Many in the aggregates industry do not see the relevance of data protection law yet it applies to anyone who is processing personal data (which itself is widely defined to include data which identifies a living individual). Just because the industry is, largely, not consumer-facing, does not mean it is free from the constraints of Data Protection.
When you consider that something as benign as an email address can constitute personal data, it becomes apparent how far-reaching the data protection laws are.
The public at large is becoming more and more aware of its rights when it comes to personal data. As a result, there has never been a better time to ensure that your data protection compliance is in good order. Compliance is not just about staying on the right side of the law and avoiding fines, it is about maintaining your reputation.
For many businesses, data protection becomes most relevant if they operate a website. We all know that websites can be a powerful marketing tool, yet many are not aware of the responsibilities which go with it.
The minefield of legislation which applies is vast. Yet with careful consideration and the right guidance, a safe path can be navigated. Data protection is just one aspect web owners need to be mindful of. For example, where a website permits users to sign up for newsletters, the web owner will be into data protection territory and will need to process the information submitted by the web user accordingly.
Change in law
A recent change in the law across the European Union relating to cookies has made online data protection compliance more important than ever. Although the law has been implemented differently in each of the EU member states, the guiding principles remain the same.
Almost every company which operates a website will be affected by the new regime which will result in a sea-change in the way websites operate. Many owners will need to change the practical way in which their websites function, which could have an impact on the experience of the person using the site.
Cookies are small pieces of code installed on a computer when users visit a website. They can help to improve a user’s experience and can help a website operator to tailor their site to a particular visitor. For example, if you visit a website and view certain pages, the next time you visit that site, links to information which may be of interest to you (based on your history) may appear on the home page. Alternatively, you may be looking at certain machinery on a manufacturer’s website and the next time you log into your personal email account you see advertisements for that machinery. Both of these are examples of cookies in action.
Traditionally cookies have been installed on a user’s computer without the user’s consent. If they did not want to receive cookies, they had to take positive steps to block them. Under the new provisions, this system will no longer be compliant.
Subtle differences
There will be subtle differences in the way the law is enacted and enforced in each of the EU member states. In the UK, with some very limited exceptions, website owners will have to obtain consent (which can include implied consent) to the installation of cookies before they are installed. This is going to have a potentially negative effect on the user’s experience and enjoyment of a website, particularly if the company asks for consent on their homepage before the user can proceed. It may even drive traffic away if badly managed. Compliance needs to be managed carefully to reduce the risk.
Some companies will have to look at whether their websites would still function at all if the user rejects consent for cookies to be used.
Complying with the law, while maintaining the website’s commercial function and aesthetic, is going to be a difficult balance: get it wrong and you could face a fine and risk putting customers off.
Having an effective privacy policy on your website, and complying with it, can go a long way to ensuring you stay on the right side of the law when it comes to online data protection. At a time when consumers are becoming increasingly savvy about their rights online and in their personal data, it makes business sense to ensure your site complies.
CONTACT
Ben Travers heads the IP & IT team at Stephens Scown solicitors in the UK which has more than 70 years’ experience representing mining and minerals clients.
He can be contacted on +44 (0)1392 210700 or email
