Posted in EU Data Protection
In the last few years there has been a dramatic change in the opportunities organizations have to generate value from the data they collect about customers or service users. Customers and users are rapidly becoming collections of “data points” and organizations can learn an awful lot from the analysis of this huge accumulation of data points, also known as “Big Data.”
Organizations are perhaps thrilled, dreaming about new potential applications of digital data but also a bit concerned about hidden risks and unintended consequences. Take, for example, the human rights protections placed on personal data by the EU. Regulators are watching closely, intending to preserve the eight basic privacy principles without compromising the free flow of information.
Some may ask whether it’s even possible to balance the two.
The recently revealed plans by President Barack Obama to reform the way in which the U.S. intelligence services gather and use data throughout the world have had a lukewarm reception by European politicians. The rhetoric by members of the European Parliament in particular suggests that Obama’s proposed reforms stopped short of what would have been comforting enough for them. Such reforms are a work in progress that will extend over months and years, but Obama’s stance is bound to have a very direct effect on existing and forthcoming EU data protection requirements.
It’s no secret that the EU’s proposed General Data Protection Regulation (GDPR) hangs in the balance. Some have even declared it dead (see here), though, to paraphrase Mark Twain, those reports are somewhat exaggerated. Nevertheless, 2014 will prove a pivotal year for privacy in the European Union: Either we’ll see some variant of the proposed regulation adopted in one form or another, or we’ll be heading back to the drawing board.
As it has been noted on these pages one of the tangible results of the Snowden revelations has been the (re)introduction of a provision in the EU’s proposed General Data Protection Regulation aiming to limit and control the transfer of personal data to authorities in third countries, the main concern motivating this initiative clearly being concerns regarding the transfer of personal data to U.S. intelligence and law enforcement authorities.
Originally, the European Commission had intended for such a provision to be included in Article 42 of the data protection reform proposal tabled in January 2012, but—if one chooses to believe the many press reports one the matter—due to intense lobbying pressure from the U.S. government, the provision was removed. That is, of course, not the full picture.
After working in Brussels for the last 15 years, I have become accustomed to the byzantine machinations of European politics. But the spectacle that is currently unfolding concerning appointment of a new European Data Protection Supervisor (EDPS) and Assistant Supervisor paints a particularly dismal picture of how data protection in the EU can become a political football.
When I was at university, I remember a lecturer who used to say the first rule that any law degree student should follow was “to not panic.” That is a rule that we should all apply when reading the draft report of the LIBE Committee of the European Parliament on the NSA surveillance programme. The prospect of a closed-down Europe that is advocated by the report is certainly daunting. Shutting down pretty much all transatlantic data flows in order to prevent unreasonable access to data by the U.S. intelligence services would not only be disproportionate, but it would be hugely damaging to the information society we all rely on.
The Year in Review
If there ever was a “year of privacy,” surely it was 2013. A year that ends with dictionary.com selecting “privacy” as “word of the year;” with privacy making front-page headlines in The New York Times and The Washington Post (not to mention The Guardian) on a weekly, indeed almost daily, basis; with cross-Atlantic ties stretched to the limit over privacy issues, the UN passing a privacy resolution and armies of lobbyists spinning BCRs and Do-Not-Track in Washington bars and Brussels cafes—ladies and gentlemen, 2013 was the year of privacy.