Without a doubt, preparation for the EU General Data Protection Regulation is top of mind here at the IAPP Europe Data Protection Congress in Brussels, and that's exactly what European Commissioner for Justice, Consumers and Gender Equality Věra Jourová addressed during her keynote Wednesday.
Speaking to a packed auditorium, Jourová highlighted the importance of educating citizens on why the GDPR is being implemented. Of course, the Commission plays a large role here, but Jourová also called on businesses to help transfer this message to their customers.
"If people don't understand why we're implementing it, the cost-benefit is a total failure," she explained. "We must convey to EU citizens why it is so important to protect their privacy, why it is so important in this digital era that data subjects will not just become data objects. We must work hard not to make this happen."
Delivering her message with a hint of humility and humor during Wednesday's address, Jourová focused on the fundamental basis of the regulation, noting how easy it is to manipulate individuals based on their digital data. Considering that personal data has immense economic value, Jourová stressed that citizens need to understand that their privacy is their identity and their subjectivity. Citizens also need to understand that when services are free, it is likely that they are paying for it with their personal information.
"We must convey to EU citizens why it is so important to protect their privacy, why it is so important in this digital era that data subjects will not just become data objects." — Věra Jourová
"In Europe, it is right that we are the first ones coming up with stringent rules for the protection of private data. One thing that is helping us is that the tradition in Europe considers privacy a fundamental human right. We must protect it. You may not agree with me," she said, "but we are not under pressure from businesses like in the U.S. Who should set standards for the protection of privacy? Should it be China or Russia? Forget it."
She also noted that the European Commission is working hard on developing international data flows. This comes in addition to last year's EU-U.S. Privacy Shield agreement. After analyzing more than 100 laws globally, the Commission is seeing other countries adapt their regulations to meet at least some of the standards of the GDPR, she said. In particular, Jourová announced the Commission is in talks with Japan and South Korea for trans-border data flows.
On the Continent, Jourová explained the Commission is taking the "unusual step" of working closely with member states on their implementation of the GDPR. "We were happy to see that Germany was the first state" to adopt national legislation for the regulation. "We now have a good example of how the GDPR should be adopted." Jourová said national implementation must be consistent around the EU to help bolster a digital single market.
Likewise, enforcement of the GDPR by data protection authorities must also be consistent, she said. "It would be a failure for DPAs to impose different sanctions" across the EU.
Of note, she reported the Article 29 Working Party is set to release new guidelines for data breach notification and profiling Nov. 28. "I strongly recommend, or," she advised, with a smile, "I warmly invite you to consult with them."
"I also asked Silicon Valley companies to do their own campaign because they are in contact with citizens every day. They keep trying to convince me that the trust of their consumers is the big driver of their businesses and a competitive advantage." — Věra Jourová
Jourová spoke about her recent visit to Silicon Valley, noting, somewhat tongue-in-cheek, that some tech companies have assured her they are "ready" for the GDPR. Smaller- and medium-sized companies, however, she said, are not. That's why the Commission is collecting thousands of questions of practical aspects of the GDPR. These will comprise a toolkit for SMEs. The Commission will initiate a campaign this January to help companies follow the new rules.
"I also asked Silicon Valley companies to do their own campaign because they are in contact with citizens every day," she said. "They keep trying to convince me that the trust of their consumers is the big driver of their businesses and a competitive advantage." Companies must address new requirements like data portability and the right to be forgotten, for example.
"This is a fight between money and laws. The law is slower than the money," she warned. "We are investing time and energy looking into the right way to move forward. My position has always been, 'Let's not be hysterical because we could kill innovations.'" But it is up to companies, she stressed, that they cooperate and do the right thing.
If you want to comment on this post, you need to login.