The European Union's approach to online behavioural advertising: Protecting individuals or restricting business?

Abstract

The European Union (EU) has firmly set its stall out to protect individuals' data and privacy and has demonstrated this through the rejection of the old opt-out regime and the introduction of the new opt-in rules. These require businesses to obtain individual's prior and informed consent before their data are collected, stored and used for the purposes of online behavioural advertising (OBA). Individuals in the EU are afforded protection from the apparent dangers relating to data privacy and misuse that is associated with OBA, which is beyond the expectation of most Internet users. However, there are some criticisms levelled at the law that the EU has produced. Is simply gaining informed consent sufficient for protecting all types of information? Do certain types of information require a higher level of consent than others? Does the law fulfil its aim of protecting data subject's privacy and data? Is the current law restrictive to business? Do individuals know or care that their information is being collected for the purposes of targeted advertising and is there a better way to ensure that they do? Finally, will proposed new law to be found in the EU Data Protection Regulation solve any of these problems? This article will assess whether, as a policy decision, the EU's current approach has been too cautious in its attempts to protect individuals or restrict business.