Data protection in the European Union is a fundamental right. Europe already has the highest level of data protection in the world. With the EU data protection reform which was proposed exactly two years ago, Europe has the chance of making these rules a global gold standard. These rules will benefit citizens who want to be able to trust online services, and the small and medium sized businesses looking at a single market of more than 500 million consumers as an untapped opportunity.
Politicians, businesspeople and NGOs all agree on the need for the EU data protection reform. This is a consensus which emerged very early in the debate. It is a consensus that cuts across political colours, national or economic interests.
We also agree on why we need this reform: because individuals need to retake control of their personal data, and because personal data is the currency of our times, fuelling the digital economy. Like any other currency, it needs trust to be stable.
The surveillance revelations over the past months have shaken trust not only in our trans-Atlantic relationship but in the digital economy in general. They were a wake-up call for Europe and across the Atlantic. Citizens have been reminded of how important data protection is and why a strong framework for the protection of personal data is a necessity, not a luxury.
Citizens are not the only ones worried. The revelations also have an impact on the economy. Collected, analysed and moved, personal data has acquired an enormous economic value. According to studies, the value of EU citizens’ data was €315 billion in 2011. It has the potential to grow to nearly €1 trillion annually by 20201.
But citizens will not continue giving out their data if they do not trust the companies that handle it. Lost trust means lost revenue. Some estimate the NSA disclosures will reduce US technology sales overseas by as much as $180 billion, or 25 per cent of information technology services, by 20162. This is a call for action.
The data protection reform provides a response to fears of surveillance. It will help restore trust.
It will do so by making sure companies respect the rules. First, it ensures that non-European companies operating in our single market have to respect EU data protection law. Second, in cases where our European rules are breached, it will introduce tough sanctions that can go up to 2 per cent of the annual worldwide turnover of a company.
This is not the case today. Currently, national authorities sometimes respond with small slaps on the wrist that don’t make multinational technology giants flinch, let alone act. And third, it provides legal clarity on data transfers. When third country authorities want to access the data of EU citizens outside their territory, they have to use a legal framework that involves judicial control. Asking the companies directly cannot be the rule.
It will also give Europeans the rights they deserve. They want reassurance that handing out their personal data does not mean forgoing their rights. That is why we want to put citizens in control of their data by upgrading tried and tested principles like the right to the erasure of data into the right to be forgotten, and introducing new principles like the right to data portability and the right to be informed of personal data breaches.
These steps will help restore trust in the way citizens’ data is handled.
However, our reform will also bring benefits for businesses. Take a look at Europe’s current regulatory framework from their perspective. It is no longer fit for purpose. A company operating in all 28 member states has to comply with a different set of rules in each country. It has to deal with a different data protection authority in each country.
The reality is 28 different laws and more than 28 different interlocutors. The European Commission wants to replace this mountain by one law valid all over Europe. One continent, one law. Strengthening Europe’s high standards of data protection is also a business opportunity.
Public sensitivity to privacy issues is increasing, and it will not disappear as our lives become increasingly digital. Companies that deliver a higher standard of safety and security for data will be ahead of the curve. Data protection will be a selling point: a competitive advantage. Europe’s directly elected parliamentarians have already given their strong support to the Commission’s proposals. EU leaders at the October summit committed to a timely adoption of the new rules as a way to restore and foster the trust of citizens and businesses in the digital economy. These words now need to be put into action.
As the Greek presidency is now taking the helm of the Council of the EU and as the European Parliament will vote on the reform in plenary in the months to come, this is a window of opportunity. The data protection reform must be European politicians’ priority for the coming six months.
Citizens are calling for strong European data protection rules and businesses want a simple, clear and enforceable legal framework for doing business in the EU’s single market. The EU data protection reform answers both needs. It is a win-win deal for citizens and businesses. An agreement is within reach. We owe our citizens and our businesses nothing less.
Profile: Viviane Reding
Viviane Reding has been the Commissioner for Justice, Fundamental Rights and Citizenship since 2010. She previously held the media portfolio (1999-2010), and was an MEP for Luxembourg (1989-1999) and a member of Luxembourg’s Chamber of Deputies (1979-1989). A former journalist, Reding is strongly federalist and affiliated to the centre-right European People’s Party.