Marju Lauristin has spent most of her life as a teacher, though that's the most modest way to describe her. Specifically, she's a professor emeritus of more than 40 years. She has been at University of Tartu since 1995, and her academic career has focused on social sciences and media studies.
But now she's playing head of the class on the global privacy stage as rapporteur for the ePrivacy Regulation.
Lauristin isn't new to politics; she has been in the game for 30 years or so. In fact, she was an establishing member of the first large-scale independent political movement in Estonia, called "Rahvarinne," in 1988, during the Soviet occupation. Since then, she has served as chairman of the Estonian Democratic Party, deputy speaker of the Estonian Parliament and minister of Social Affairs of Estonia.
Lauristin, whose party in Estonia is called the Social Democratic Party, said her politics are more inclined toward the "social liberal side of social democracy, more to the center left," she said. "That means we have quite liberal views on a range of topics, starting from human rights and liberties. And that, for me, it's very close to my heart, this issue of human rights and individual freedoms."
Three years ago, she was elected to European Parliament for the first time. She became a member of the Civil Liberties, Justice and Home Affairs Committee (aka LIBE). And because of her academic experience as a researcher of data protection and digital developments in new media and information society, she was chosen to be rapporteur for the pending ePrivacy Regulation. The European Commission's initial draft of the regulation was introduced in January, and it's slated — perhaps "hoped"— to become effective, in its final version, in May 2018, alongside the General Data Protection Regulation.
"I was chosen ... because I have some out-of-politics professional experience in this area," she said.
The rapporteur is, essentially, the MEP who presents specific reports to Parliament. When committees are formed to draft legislative proposals, members of the committee vote to select the rapporteur, whose role is then to take a critical eye to the proposal, consult with various stakeholders and then recommend a course of action via a draft report. That draft serves as the working document to be amended and revised as necessary by the committee assigned before it's officially presented to Parliament and eventually voted on.
It's not an insignificant position to hold. Privacy pros who followed the drafting of the GDPR are almost certainly familiar with MEP Jan Philipp Albrecht, who was a fairly innocuous member of the Green Party until he was chosen to be rapporteur of the GDPR. He's now somewhat of a household name among those who follow politics.
"The rapporteur is a member of Parliament who is fully responsible for the whole process," Lauristin said. "The rapporteur is really the main gatekeeper and the real main leader of this whole drafting process, so the rapporteur really is presenting at first their own opinion and then the opinion amended by others, so, the rapporteur has a major influence on this [process]," Lauristin explained.
And that's where Lauristin's passion for human rights and individual freedoms may have an impact on what becomes the law of the land. Industry lobbyists have voiced their distaste for the regulation, arguing the GDPR does enough to protect consumers. But the GDPR doesn't cover confidentiality of communications.
"We try to be quite consistent in our committee when protecting that," she said. "For example, in the data protection area, there's an ongoing conflict in the trade-off between individual freedoms and values of confidentiality for personal life and so on, and national interest, for example, in security or business interests. And here in these kinds of conflicts, I am keeping quite firmly this position of protecting personal rights and freedoms. That's one main issue, and there are many problems here. How to find the proper balance and not to give up when approached with this kind of ... there's terrorism on one side and the business digital economy on the other side."
To Lauristin, it's simple: Sure, the environment is changing and technology is evolving in ways that require new legal frameworks to reflect those advancements, but she is laser focused on what can't change amid such updates.
"For me, really, it's a very fundamental issue. Even with all this digital media and all these things coming in, the human being, it's not so much changed," she said. "Basic rights, basic values of human beings are not so much changed as the environment around us. This need for confidentiality, for privacy, I suppose that's a basic need. That's absolutely essential."
And so it's with those principles in mind that Lauristin leads her committee in its effort to present a balanced and effective ePrivacy Regulation.
The challenge is scope, Lauristin said. There's such a range of technologies the Regulation must cover: social media, Skype, WhatsApp. And all these technologies have very different functionalities. Various platforms are collecting myriad kinds of data, some known to consumers and some unknown. That's a problem Lauristin wants the Regulation to fix.
"We have to make here some clarity: What is allowed and what is not allowed, and that not all that is possible is allowed," she said. "You can break any glass window, but you're not breaking it because you can. You're not doing it because first there are some cultural taboos, but also clear laws on what protects people from any kind of intrusion. Many things are possible technologically, and we have to answer: What part of that is possible but not available because it's not allowed and is breaking various cultural norms?"
Lauristin is particularly concerned about the way children are engaging with social media. She said she wants clear rules for providers on what's done with the data children are sharing on such platforms. She's also aiming for rules on connected toys.
Of course, there are surely plenty of companies who aren't exactly hanging welcome banners for an ePrivacy Regulation that could hamper their business models. But Lauristin isn't worried about lobbying efforts to water down the regulation, even from the strongly resourced big names across the Atlantic, like Google and Facebook. If U.S. tech companies want to succeed in the EU market, they'll simply have to learn to play by Europe's rules.
"Most of these big American companies are also active in the European market," she said. "They are ... trying to be competitive on the European market, and in order to be, they want to follow or should follow and must follow the same laws." While that probably feels a little claustrophobic to U.S. companies, "feeling they are not so free" as in the U.S., the "big ones are very adaptable," she said.
For example, look back 20 or 30 years ago at the car industry and how that changed once there was a priority placed on environmental values.
"I suppose nobody could imagine how important it would be," she said. "And now ... people are very watchful and there are very strict regulations, and the car industries are adjusting to that. We would try to achieve the same in this environment."
Given the potential threats that certain kinds of data collection pose to users, like location tracking, for example, Lauristin's view is that putting in place strict regulations won't kill industry. We're still making cars, aren't we?
"It is, from one side, for industry, a kind of challenge or obstacle," she said. "But from the other side, it is opening new avenues for innovation. I hope that, here, competitiveness will also be outside of European companies, as we are giving these rules in a more clear way, which I am sure should be followed all over the world."
photo credit: Thomas Hawk Redford High School, Detroit, MI via photopin (license)