Europe's New Data Protection Rules
Author: Q & A With Viviane Reding by Jennifer L. Schenker
This
is one of 15 stories appearing in a special edition DLD Informilo print
magazine being distributed at DLD in Munich Jan. 22-24.
Viviane
Reding, the Vice-President of the European Commission, is spearheading reform
of Europe’s data protection laws. Reding, a scheduled speaker at the DLD
conference in Munich January 22-24, negotiated a major overhaul of the
Continent’s telecommunications sector as the member of the Commission
responsible for Information Society and Media from 2004-2010. The reforms included
a provision to force telcos to report data breaches and the prevention of
supplier lock-in by allowing consumers to quickly move a telephone number from
one network to another. She recently spoke to Informilo’s Jennifer L. Schenker
about her plans to implement similar reforms to Europe’s data protection rules
to bring them in line with the Internet age.
Q:
How will your proposed reforms help put individuals in control of their own
data?
A:
Today many people, especially young people, are not aware of privacy policies
when they create profiles on social networks. At the same time, adults are
unaware that their search data can be used by online advertisers. The rules are
clear – they require informed consent — but these rules are not being applied uniformly.
That is why we need to reform the personal data legislation that dates back from
1995 – the pre-Internet age – to adapt it to the new Internet age. What is
needed is clear, plain language informing the citizen what is happening with
their data, how and when it is used, what the citizens' rights are and what
they have to do to exercise these rights.
Q.
Do these rights include the right to be forgotten?
A:
The right to be forgotten will be a central pillar of my reform proposals.
People should be able to have their data deleted when data is no longer
necessary for legitimate purposes. This should be a right and not only a
possibility. The burden of proof should not be on the consumer but on data
controllers. The companies that collect the data have to prove why they have to
keep the data, rather than individuals having to prove that collecting their
data is not necessary. When there has been a data breach – that means that
people's data have been unlawfully accessed – companies should have to notify
consumers without delay. I have done that already in the telecom sector and am
planning to extend it to the Internet now.
Q:
What about supplier lock-in? Who owns the data?
A: We have already achieved number
portability in the telecom sector. Portability of consumers’ data from social
networking sites — be it photos or friends' contacts — will be included in the new
data protection rules.
Q:
How long will it be before the legislation is put in place in member states?
A:
I will make up my mind on the final form of the proposed legislation in the
coming weeks and present it to the Council of Ministers and to the European
Parliament. Then it will depend on their speed. Member states will also have to
individually adapt national rules so it can take some years before the new
rules are put into effect.
Q:
How can you ensure that the new legislation is applied uniformly across the EU?
A: We know that one of the big problems
today is the patchwork of legislation and interpretation of law in the European
Union. Compliance costs companies some 2.9 billion euros per year in unnecessary
fees. We want to get rid of this and have one data protection rule for all of
Europe. The law will be the same for all 27 member states.
Q.
Who will enforce the new rules in the EU and what sort of sanctions do you have
in mind for companies that violate them?
A. National data protection authorities
will enforce the rules. That is why a central pillar of the reform is the
strengthening of national data protection authorities and ensuring they work
very closely together. They must have the rights tools to act, including the
possibility to sanction data breaches. Sanctions could be financial or administrative.
This will give the legislation the necessary teeth so the rules can be enforced.
Q.
Is there a chance this new
legislation will be in conflict with rules in other regions, such as North
America?
A.
Europe is really a front runner in the way it protects the personal data of the
individual. Of course, we need to work very closely together with other
regions. Dialogue with the U.S. is essential to data protection issues. U.S.
Senators John Kerry and John McCain recently proposed a commercial privacy bill
of rights, arguing that the U.S. government must act to level the playing field
for all collectors of personal data. This shows that things are moving in the
U.S. and this is encouraging indeed.
Q:
The World Economic Forum is working on the issue of data protection from a
global perspective. Is the European Commission playing a role in those
discussions?
A: Absolutely. For the
last several years I have been going to Davos to meet the IT and media
governors on this topic. Data protection is moving higher and higher on the
agenda. I am again expecting a busy couple of days in Davos.
This article is also available on www.informilo.com
Always in Touch
-
Livestream
Follow DLD live! -
DLD-iPhone App
Get the official DLD-Conference App!
-
Google +
Add DLD Conference to your G+ circle!
-
DLD Magazine
Discover the Infinite
Issue on your iPad.
-
Facebook
Become a fan!
-
Twitter
Follow us!
-
Tumblr
Follow DLD on Tumblr.
-
XING
Get latest corporate updates on XING
-
Cool Munich City Guide
Discover the cooperation between teNeues and DLD -
YASSSU
DLD12 on every smartphone
-
Flickr
See pictures tagged
DLD Conference!
