TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Europe Data Protection Digest | Notes from the IAPP Europe Managing Director, June 17, 2016 Related reading: ICDPPC establishes working group on ethics and data protection in AI

rss_feed

""

PrivacyTraining_ad300x250.Promo1-01
GDPR-Ready_300x250-Ad

Greetings from Brussels!

Following on from last week’s MD Notes, I received some commentary and feedback expressing a desire to give an alternative view to the Brexit question. Upon reflection, my Notes could be construed to have been one-sided from an industry perspective; as reflected in meetings in London last week.

With that in mind we have invited a guest privacy professional working in the U.K. to put forward that alternative perspective. Moreover, we are respecting the author’s anonymity:

From the vantage point of the U.K., currently transfixed by a sometimes emotive national conversation on the country’s membership of the European Union, Paul Jordan’s blog from Dublin of 10 June appealing for the U.K. to remain within the Union on economic grounds struck a nerve.

To redress the balance, I am pleased to offer an alternative personal perspective from a U.K. privacy professional, an IAPP member, with many years experience.

The perceived wisdom is that the new European settlement on data protection, particularly with its demand for the creation of thousands of new jobs as DPOs, is something that we should all welcome. Well, consider the nature of the GDPR. Enormous efforts were made to persuade the European legislature to adopt a flexible set of rules, making companies genuinely accountable based on actual privacy outcomes. But, we have ended up with a highly prescriptive piece of legislation. This is not consistent with the flexible regulatory framework required for today’s dynamic information society. More importantly though, does this hugely important piece of legislation, a pillar of the digital economy in Europe going forward, have necessary democratic legitimacy, especially at the national level? 

The European Parliament may have considered a record number of amendments on the draft GDPR, but it can be questioned how representative the Parliament is of European electorates and how much real power it has. Furthermore, like most EU law, the GDPR originated from the unelected European Commission and, as far as I am aware, the essential bureaucratic concepts permeating the GDPR did not appear on the manifesto of any political party seeking elected mandate.

There is also a body of opinion here that the rulings of the Court of Justice of the European Union on data protection, not least on Safe Harbor, have tipped the balance too far towards the protection of personal privacy against important public interests. In particular, in looking at the activities of the intelligence agencies in combatting terrorism, the court over-represents the genuine privacy concerns of European citizens (except Max Schrems maybe) and downplays the legitimate need of society to protect its citizens from harm.

At the same time the massive disruption caused by the Safe Harbor judgment is clearly damaging to important trans-Atlantic business and trade. The latest developments, suggesting that standard contractual clauses may head south in the same way as Safe Harbor, would almost be laughable if they were not so damaging. Many companies have spent months drafting and executing these agreements. Maybe soon there will be no legal mechanisms left to support data flows from the EU. Is Europe to opt out of the global economy? 

There are many reasons to believe that the European project is stifling innovation and growth across the continent, whilst at the same time becoming increasingly centrist and undemocratic, but I believe that the new regime for personal data protection is a prime example of this.

With all the above in mind, can you blame those supporting Brexit for trying to wrest back control from Brussels? So long as our future trading relationship with the EU does not demand measures such as the GDPR to be anyway adopted (debatable), a Vote to Leave on 23 June provides this country the opportunity to chart a more independent, pragmatic and democratic route to regulating the digital society and personal privacy.

The referendum is indeed a sensitive and in many ways divisive issue for colleagues, friends and families. Momentous as this vote will be, we will have to wait until next week and see how it plays out!

Comments

If you want to comment on this post, you need to login.