trending Market Intelligence /marketintelligence/en/news-insights/trending/-GCF1ofQsZbVJm1US7vblw2 content
Log in to other products

Login to Market Intelligence Platform

 /


Looking for more?

Contact Us

Request a Demo

You're one step closer to unlocking our suite of comprehensive and robust tools.

Fill out the form so we can connect you to the right person.

If your company has a current subscription with S&P Global Market Intelligence, you can register as a new user for access to the platform(s) covered by your license at Market Intelligence platform or S&P Capital IQ.

  • First Name*
  • Last Name*
  • Business Email *
  • Phone *
  • Company Name *
  • City *
  • We generated a verification code for you

  • Enter verification Code here*

* Required

Thank you for your interest in S&P Global Market Intelligence! We noticed you've identified yourself as a student. Through existing partnerships with academic institutions around the globe, it's likely you already have access to our resources. Please contact your professors, library, or administrative staff to receive your student login.

At this time we are unable to offer free trials or product demonstrations directly to students. If you discover that our solutions are not available to you, we encourage you to advocate at your university for a best-in-class learning experience that will help you long after you've completed your degree. We apologize for any inconvenience this may cause.

In This List

Debating opt-in, opt-out privacy options as tougher EU protections loom

Asia-Pacific markets improve broadband speeds despite COVID-19 impact

Simplifying The Assessment of Company Fundamental Data

China COVID-19 Trends In TV, Video

Staying Ahead of the Development Curve with Insights on Emerging Technologies


Debating opt-in, opt-out privacy options as tougher EU protections loom

The deadline for implementing the European Union's tougher digital privacy and security measures is less than one year away, but privacy experts in the U.S. still remain divided on the best policy for internet companies going forward.

In particular, experts remain divided over whether U.S. regulators and firms should generally embrace more of an opt-in approach, where a user needs to provide affirmative consent before personal data can be collected or shared, or an opt-out approach, where most consumer data can be collected and shared unless or until a consumer actively denied their permission.

During a panel discussion hosted by the Information Technology and Innovation Foundation, a tech-focused think tank based in Washington, D.C., ITIF Vice President Daniel Castro argued in favor of an opt-out approach, noting that obtaining consent from each and every user is relatively expensive relative to the value of any one user's personal data. Moving to an opt-in approach, he warned, would cause companies to have less money to invest in innovation and could lead to services shutting down sites or moving to a pay model.

"The internet ecosystem has been built on this financial model of free and low-cost apps and services that depend on the availability of targeted online ads that use personal information," Castro said.

He noted that while no user wants their information stolen or accessed by cybercriminals, he believes most consumers are willing to accept some degree of data tracking on the part of internet companies in exchange for free email and other services.

"You have some users that really value their privacy, some users that don't put a huge premium on that and then most of us that are somewhere in the middle where we are willing to make certain trade-offs," he said, adding that he sees the opt-out approach as best serving this latter middle-ground group.

But while Castro may prefer an opt-out approach to online privacy, Kara Sutton, senior manager at the U.S. Chamber of Commerce Center for Global Regulatory Cooperation, said most major internet companies in the U.S. will need to move to an opt-in approach as a result of the EU's General Data Protection Regulation.

SNL Image

"The reality that a lot of especially larger companies are looking at now is GDPR is likely going to be their minimum standard across the world," Sutton said, noting it does not make sense for multinational companies like Alphabet Inc. and Facebook Inc. to have two separate playbooks for the U.S. and the EU.

The EU data protection rules, set to go into force in May 2018, require a company to obtain "unambiguous" affirmative consent from a user before collecting or processing the user's "personal data." According to the Council of the European Union, personal data "can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address."

Personal data is different than sensitive data under the GDPR, which requires an even higher level of "explicit" consent. Sensitive data includes racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic data, certain identifying biometric data, health data and data about a person's sex life or sexual orientation. There are also special protections for children.

While unambiguous consent can take several forms, including "ticking a box when visiting an internet website" or choosing technical settings for an app or browser, "silence, pre-ticked boxes or inactivity" do not constitute consent. As for explicit consent, a user must agree to a particular use or disclosure of their personal information either orally or in writing. In other words, settings on a user's browser or app likely will not cut it.

These new rules are far more restrictive than the online privacy regime currently enforced in the U.S. by the Federal Trade Commission. The FTC framework relies more heavily on an opt-out approach, only requiring opt-in approval in cases where companies plan to use data in a manner that is materially different than was originally stated or in cases where they are collecting and sharing "sensitive" data, such as geolocation information, children's information, health information, financial information and social security numbers.

Sutton said she actually prefers the U.S. approach but noted the GDPR is "the new reality that companies have to live with."