Today heralds the start of a new era in data governance - the Permitted. It commences with the publication of much-heralded proposals for changes to the European Data Protection Directive which will fundamentally alter the way we collect, process and manage data. A shift in the balance of power will occur in which the regulator becomes a crucial third party in the data relationship which used to be about just the business and the consumer.
Back in the Permissive era (1985 to 2002), we had it all our own way. Companies collected any information they liked and pushed messages out at the consumer when they liked. There was an opt-out, of course. Except that it did not apply to the Electoral Register so anybody who said they did not want their data to be used for marketing purposes when they traded with a business would simply get targeted as a cold prospect using ER. Nice.
This morphed into the Permission era (2002 to 2012) with the introduction of an opt-out to ER and the arrival of PECR, putting phone and email onto an opt-in footing. Didn't apply to search and clickstream data, so organisations carried on their permissive ways. It's just that they did it in the back room under the guise of data mining and analytics, only breaking cover to apply what they had found as behavioral targeting.
Problem is that Commissioner Reding learned about this when the disastrous Phorm experiment with online advertising across BT's ISP base hit her desk as the telecoms commissioner back in 2007. Without that, there would have been no new ePrivacy or "cookies" law last year. And certainly not the same proposals as she has table today.
Permitted means regulation plus permission. It says the individual has the right to be forgotten and to deal with a single data protection authority across the whole EU. It means getting explicit consent for every use of that person's data. Yes, I know.
Can we transform our data management practices to meet this new, higher level of data governance (assuming the proposals pass the parliamentary scrutiny they will now face)? In the same way that it is possible to be fully compliant with all applicable legislation, just by doing nothing, then the answer is yes. Meeting these new demands while staying in business - and thriving - looks like being more of a challenge.