EU Data Protection Reform May Promise More Than It Delivers
Implementing the biggest shake-up to Europe's fragmented data protection laws in two decades may fail to provide companies with the consistency and simplicity that had been promised across the 28-nation bloc.
A patchwork of privacy laws in the European Union, dating back to 1995 when the internet was in its infancy, was criticised for lacking teeth and being interpreted differently across the EU.
To tackle those failings, the EU last week agreed a sweeping overhaul of data protection rules which would introduce a single rule book, fines of up to 4 percent of a company's global turnover and simpler system of enforcement.
"A step change in sanctions will make privacy a board level issue," said Tanguy Van Overstraeten, a lawyer at Linklaters. "Some businesses will need to start taking these issues a lot more seriously."
Privacy has long been a particularly sensitive issue in Europe, where intrusive government surveillance during and after World War Two has made its protection a fundamental right on a par with guaranteeing the freedom of speech.
The exponential growth in data -- from people's credit card habits, social media postings and wearable fitness devices tracking their sleep and movements -- have fuelled concerns that individuals do not have enough control over such information.
The new rules should be a boon for web companies such as Google, Facebook and Amazon which do business across Europe and who currently have to deal with a series of national regulators.
EU Justice Commissioner Vera Jourova said on Monday that a single data protection law would save businesses around 2.3 billion euros ($2.5 billion) a year.
However, critics of the new measures question whether regulators will be able to cope with an increased workload and whether the regulatory overlap has genuinely been removed.
"We are concerned that investors will be scared off from investing in Europe and will look outside the continent to finance the next big thing in technology," said the Industry Coalition for Data Protection, whose members include Google, Facebook, Amazon and IBM.
The rules are tougher in some obvious ways. Not all privacy regulators currently have the power to levy fines. When they do, the amounts are often paltry compared to the billions of dollars of revenues of the businesses involved.
One of the most significant changes that companies were looking forward to was the "one-stop-shop".
Under the new law, which will come into force in two years, companies operating across the EU should only have to deal with the regulator in the country where they have their European headquarters.
But it was watered down by member states who were eager to protect the power of their national regulators to investigate U.S. tech companies -- which hold swathes of Europeans' data -- and ensure citizens could still complain to their local authority about a company located elsewhere.
That means any "concerned" authority will have the power to object to the decision made by the "lead" authority -- the one where the company has its EU headquarters.
Lawyers say that the definition of a concerned authority is too broad and for some companies it will not be clear where their main European base is.
"There is concern that the trigger for other data protection authorities to get involved is too low," said William Long, Partner at law firm Sidney Austin LLP.
But consumer groups say ensuring that citizens can still complain to their local regulator is important for protecting their privacy.
"If that proximity to the citizen is assured in a way that I, as a consumer, can easily complain to my national supervisory authority... that is a victory for citizens," said David Martin, senior legal officer at BEUC, the European Consumer Organisation.
Lawyers also point out it that the new EU rules leave many issues to the discretion of individual countries and there is still a risk that regulators could interpret them differently.
"It would be bad if an Italian company were sanctioned more than a French one for the same thing," Jourova said in an interview.
If there is disagreement between regulators the case will be referred to a European Data Protection Board (EDPB), yet to be created, to take binding decisions.
"The mechanism laid down in the data protection regulation establishes a hyper bureaucratic procedure that will lead to more complexity and longer procedures of law enforcement," said Johannes Caspar, head of Hamburg's data protection authority in Germany, which has jurisdiction over companies including Google and Facebook. ($1 = 0.9188 euros)
A Home-made Kill Switch And Other Ways To Keep Your Lives Private With Alexa Always Listening
A hacker has created a kill switch that will turn Alexa off in case she goes off track.
Budget Smartphones In US Secretly Sending Personal Data and Texts to China
A security firm recently discovered that smartphones made from China and sold in the United States are secretly sending personal data back to China.
Police Scans Facebook, Twitter and Other Social Media Networks Using Surveillance Tool
Geofeedia, a tool that can access data feeds from Facebook, Twitter and other social media networks, is rumored to be used by police authorities to monitor protests.
Spy Tech Allows Governments To See Everything On Your Smartphone
Governments can spy on your smartphone due to phone-spy tech tools sold by various companies.
UK government orders Google to delete Street View-snooped private data or face criminal charges
Google was ordered by the UK government's Information Commissioner's Office to delete the data accidentally collected by its fleet of Street View vehicles, or face criminal charges.
MORE IN ITECHPOST
Amazon Go Shopping Carts That Can Tell What You’re Buying
In Amazon's major upcoming store, they will implement Dash Carts. These smart shopping carts will know what you're buying.
NASA Astronauts To Conduct 2 More Spacewalks This Month
In an effort to finish upgrading the power system of the International Space Station (ISS), NASA astronauts Chris Cassidy and Robert Behnken will conduct a pair of spacewalks Thursday, July 16, and Tuesday, July 21.
How to Play Story of Seasons Friends in Mineral Town
It wasn't always called Story of Seasons. Before it was called such, this franchise went by another name that most people are familiar with- Harvest Moon.