As Vice President of the European Commission, charged with promoting and bringing to life the Digital Single Market, Andrus Ansip in some ways faces the same questions as your average chief privacy officer. How can the European Union maximize the return on the data its citizens generate while taking care to respect their human right to privacy?

We see this dynamic in his latest push for an end to data localization laws. In a recent sit-down with The Privacy Advisor in his office over coffee, this push for a free flow of data was top of mind, though the conversation flowed to GDPR implementation, the ePrivacy Directive, even the election of Donald Trump, announced just the day prior.

In fact, Ansip opened the discussion with a 10-minute exposition on the harms presented by data localization laws.

“We have to protect everybody’s privacy,” he began. “Trust is a must. At the same time, we have to have free data flows across the EU, and not only across the EU, but also to third countries.

“There is no contradiction,” he pointedly insisted, “between protecting privacy and free data flows.” 

To emphasize this point, Ansip was flanked by his data protection policy head, Laure Chapuis, on hand to consult on the finer points of process.

While those outside the EU might see the GDPR’s comprehensive regulation of personal data and new jurisdictional reach as inhibiting the flow of data, Ansip said the regulation is an example of “moving in the right direction,” and called it “a remarkable step forward.”

"Sometimes it seems that businesses are somehow afraid to use data, because when we’re talking about data we’re always talking about data protection and we don’t pay as much attention to data as a natural resource and commodity." — Andrus Ansip, European Commission

“To deal with 28 different types of rules is quite complicated,” he said, “for business to understand how those rules are protecting data, and also for our citizens to understand how data protection works.”

Nor is Ansip concerned that the GDPR will wind up being too onerous for business to deal with. “We will find balanced solutions,” he said. “Sometimes it seems that businesses are somehow afraid to use data, because when we’re talking about data we’re always talking about data protection and we don’t pay as much attention to data as a natural resource and commodity. We have to do both.”

The benefits, he said, are too potentially large to ignore. Indeed, in a letter to Ansip and EU Commissioner Günther Oettinger, who oversees Digital Economy and Society, a group of industry associations noted that the GDPR itself reads, “The proper functioning of the internal market requires that the free movement of personal data within the Union is not restricted or prohibited.” Following through on that promise by preventing “unjustified data localization requirements” could lead to as much as 52 billion euros per year in increased economic activity, according to a forthcoming study by the think tank ECIPE. The European Commission’s own Inception Impact Assessment from this past October already estimates the EU is losing 8 billion euros in economic activity right now due to localization laws.

Unfortunately, Ansip said, “we can see how this trend to push data localization is going up,” not down. “Now we have in the EU 50 different rules in 21 member states.”

While Ansip understands the need to keep national security data within country borders, “company registration data? Health data? Public transport data? Smart meter data? This data localization is a dead end,” he said.

“We don’t want to tell people to take their cash out of banks and put it under a pillow,” he reasoned, via metaphor. “We don’t think that’s more safe.” Similarly, “I think if we keep data in the cloud, it will be protected like money in banks; if data is somewhere in servers in basements, then I think the data will not be well protected,” regardless of what country it’s in.

Ansip pointed to a company like Scania, which wants to connect its 200,000 trucks around the world, allowing them to look at driving habits, the best routes, and how to keep the trucks close together to save fuel. Of course, there are drivers in those trucks, and the locations of those drivers may be personal information.

“What will happen when those trucks pass borders?,” Ansip wondered. “Does it mean they have to create data centers in every EU member state, including my little Estonia and Luxembourg? That will be too expensive, and I don’t think the data will be better protected.”

"I think we have always had good relations between the United States and the European Union and I think it will continue in the same way. I’m looking forward to having full cooperation with the new administration." — Andrus Ansip, European Commission

As a leading example, Ansip pointed to a new tax data bookkeeping law in Denmark. “It’s not so important where the data is,” he noted, “only that tax departments have to get access to that data online.”

Of course, he acknowledged, there remain issues to solve around data ownership, data access, data portability, the internet of things, connected cars, various liability issues, but all of those issues get easier with the free movement of data.

And what of that free movement of data out to third-party countries like the U.S.? Considering his hard work in getting the EU-U.S. Privacy Shield agreement in place, is he concerned about a Trump administration unraveling it?

“It’s too early to make a prognosis,” he said, “but I think we have always had good relations between the United States and the European Union and I think it will continue in the same way. I’m looking forward to having full cooperation with the new administration.”

He also said, however, “that it’s really important that this Shield is a process. There is a review clause, and we don’t have to wait another 13 years if we have to fix some problems,” as with the recently defunct Safe Harbor. “Every year we will have a review, and if there are some complications, then we will fix those problems. It’s much better than the Safe Harbor was. I don’t want to say that Safe Harbor was a bad idea, but, in the year 2000, I think they created this Safe Harbor and didn’t have any idea about technical possibilities for mass surveillance, for example.

“So, I’m absolutely sure there will be a good business environment for European companies in the United States and for American companies in Europe with the new administration in the White House.

“The first speech of an elected President Donald Trump, was quite promising,” Ansip said.