At a press conference at the EU Delegation in Washington on Wednesday, EU Commissioner for Justice Vera Jourová had planned to debrief the press on her visit to the U.S. to discuss data protection. But her debrief, much like her week in Washington, was dominated by the Facebook-Cambridge Analytica scandal.
"I came to the United States to discuss data protection issues, but then the Facebook scandal happened so let me start with that," Jourová said. "It is a wake-up call for all of us. Data protection is not an aim in itself, it is important to protect our democracy. The GDPR comes just in time. These rules focus on making companies more accountable, more responsible in how they are dealing with our data. ... Also these new rules will be enforced by data protection authorities which will have real sanctioning powers. It cannot be cheap to cheat or be careless in the EU."
Asked whether the Facebook case would be a prime example of when the GDPR's sanctioning powers might be invoked at their highest levels — 4 percent of a company's global turnover — to set an example to other companies, Jourová wouldn't comment on Facebook specifically. But she said, "If some company will try this in Europe after May 2018, it's very likely this drastic sanction will be applied." Fines cannot be applied for retroactive infractions, however, so Facebook won't be fined for this particular infraction once GDPR is enforced just months from now. "But from May on we will not hesitate to use the highest possible sanctions in case of most harm which can be caused to the European citizens."
Jourová said in cases where the number of affected individuals is in the thousands or even billions, high fines would be and should be applied.
She added, "This is not only about the breach of the protection of privacy of people. This is invasion into the private life of people, into their integrity," and ultimately affected the electoral results, she believes. "Very dangerous. And we don't want this in Europe." After a brief pause, she added with a laugh, "I'm becoming passionate. But when it comes to democracy..."
On the Facebook case at hand, Jourová said she told Secretary Ross that she "will also ask the Federal Trade Commission about the possible action which should come as a consequence to this matter, and I will ask whether the FTC will look into this case also from the perspective of Privacy Shield conditions."
Jourová said trust is the key ingredient to data protection at companies but that the same is true for international cooperation, namely the Privacy Shield agreement between the EU and the U.S. There are a lot of questions and concerns among stakeholders in the EU over the agreement, and there's no time for second-best options, she said. However, her tone on conversations she had this week with U.S. Secretary of Commerce Wilbur Ross was optimistic. Jourová said Ross provided assurances that the U.S. is receptive to the EU's concerns and has committed to addressing them.
Asked whether the Commission had concerns about Privacy Shield under President Donald Trump, which was negotiated under President Barack Obama, Jourová said while the EU had "many concerns" initially over whether there would be a strong change in direction under Trump, "This has not happened. We are quite satisfied that the continuity is in place. That's why I came here also to discuss with Mr. Ross all the things which need to be done to strengthen the scheme of Privacy Shield, and if everyone continues doing what he or she has committed to do, Privacy Shield can run in a satisfactory way for the future, but we need to see some improvements.
"We need to see the permanent structure in the ombudsman's office," she said. While there's currently an acting ombudsman who Jourová is sure is "efficient and hard working, for us it's not sufficient." The Commission also wants a better description of how the ombudsman's independent office will work procedurally, including the channels of information the ombudsperson, meant to be independent, will use when investigating cases. In addition, the Commission wants the U.S. to take a more proactive approach to be sure U.S. companies enrolled in the Shield framework (there are more than 2,500 now) are compliant.
Jourová wants to publish as part of the Shield's second annual review that the improvements have happened and said that American companies seem to understand the importance of this.
In the end, Jourová is confident the GDPR is coming into play at the right time and that the potential sanctions it encompasses will act as a sufficient deterrent for companies to act responsibly in managing customer data.
"GDPR makes European Union the space and the territory where cheating will be very, very expensive," she said.
If you want to comment on this post, you need to login.