Start Up Britain and Regulation: A Balancing Act?

April 5, 2011

270,000 businesses start up in Britain every year, and the new Start Up Britain intitiative hopes to promote entrepreneurship by offering reading material, business resources, discounts and a variety of other assistance.  Some legal resources are also available, to help new businesses steer a clear path through swathes of regulation, manage risk, and to offer some rudimentary assistance in protecting their intellectual property.  That these resources form part of a Government backed initiative to encourage entrepreneurship is telling.  Getting the legal advice necessary to manage risk, and ensure compliance, is an important and often expensive precursor to launching a successful business; one area of regulation we have written about before is data protection.

Proposed reforms to data protection law in Europe, including the right to be forgotten online, and changes to laws which affect when cookies may be stored and accessed by websites, are aimed at developing a “comprehensive set of existing and new rules to better cope with privacy risks online”.  However, while entrepreneurship is hailed as a means for economic recovery, over regulation would certainly represent a significant obstacle  to start ups.  While the barriers for entry to the online marketplace have traditionally been very low, and while web based businesses have been relatively free to design their systems and user experiences as they wish, these freedoms are increasingly weighed against the privacy of users.

Regular scandals serve to highlight the importance of more effective safeguards on the use of personal information, for example the loss of address, bank, and national insurance details for 25 million people in 2007; a BP laptop going missing with personal data for thousands of oil spill victims on board last month; and the exposure of names and email addresses following a cyber attack aimed at Epsilon, who provide e-mail services to several high profile businesses.  There is good reason for concern over the safety of information we provide online, but notably, in each of the cases mentioned here, the exposure of personal details was not necessarily attributable to a lack of consent or misuse of data, but to a breach of security.

Freedom to do business online must be balanced with controls on the use of data, especially as the growth of social media sees more and more interaction taking place on the web. However, if the scales are tipped too far one way or the other, regulation may have a severe negative impact on businesses, or the privacy of web users.

Following the increase last year in the maximum fine which can be levied by the ICO from £5000 to £500,000 and calls for the law to provide mechanisms for enforcement against global companies, the growing reach and impact of data protection law means a steadily increasing burden on website operators to obtain consent for the collection of visitor data, to control its use, and to control access to it.  While compliant businesses are likely to develop trust, and while stricter rules may give web users greater peace of mind, it might be argued that education could play a more significant part in preventing breaches of privacy online, and reduce the need for regulation.  It will be interesting to see whether the reforms strike the right balance, and allow entrepreneurship to thrive, or whether they eventually raise the bar to entry such that only larger players have access to the market.