As the ongoing conflict concerning data protection reaches new highs, Europe is still struggling to finding appropriate solutions to protect itself and its citizen from the theft, use and abuse of private data.

Dutch Data Protection Authority (AP) has imposed a fine of €475,000 on Booking.com for a data breach where criminals accessed the personal data of more than 4,000 customers, including obtaining the credit card details of nearly 300 users of the popular travel site.

The criminals extracted login details to the accounts from employees of 40 hotels in the United Arab Emirates.

Phishing

"Booking.com customers ran the risk of being robbed here," said Monique Verdier, Vice President of the Dutch data protection agency. "Even if the criminals did not steal credit card information but only someone's name, contact details and information about his or her hotel booking. The scammers used that data for phishing."

"By pretending to belong to the hotel by phone or email, they tried to take money from people. That can be very credible if such a scammer knows exactly when you booked which room. And asks if you want to pay for those nights. The damage can then be considerable, "said Verdier.

Booking.com was notified of the data breach on 13 January, but didn't report it within the mandatory three day period after discovering a breach. Instead, they waited a further 22 days.

"This is a serious violation," said Verdier. "Unfortunately, a data breach can happen anywhere, even if you have taken good precautions. But to prevent damage to your customers and the repetition of such a data breach, you must report this in time. Speed is very important." 

Find out how MEPs want to shape the EU's rules for non-personal data sharing to boost innovation and the economy while protecting privacy.

Data is at the heart of the EU's digital transformation that is influencing all aspects of society and the economy. It is necessary for the development of artificial intelligence, which is one of the EU's priorities, and presents significant opportunities for innovation, recovery after the Covid-19 crisis and growth, for example in health and green technologies.

Read more about big data opportunities and challenges.

Responding to the European Commission's European Strategy for Data, Parliament's industry, research and energy committee called for legislation focussed on people based on European values of privacy and transparency that will enable Europeans and EU-based companies to benefit from the potential of industrial and public data in a report adopted on 24 February 2021.

The benefits of an EU data economy

MEPs said that the crisis has shown the need for efficient data legislation that will support research and innovation. Large quantities of quality data, notably non-personal - industrial, public, and commercial - already exist in the EU and their full potential is yet to be explored. In the coming years, much more data will be generated. MEPs expect data legislation to help tap into this potential and make data available to European companies, including small and medium-sized enterprises, and researchers.

Enabling data flow between sectors and countries will help European businesses of all sizes to innovate and thrive in Europe and beyond and help establish the EU as a leader in the data economy.

The Commission projects that the data economy in the EU could grow from €301 billion in 2018 to €829 billion in 2025, with the number of data professionals rising from 5.7 to 10.9 million.

Europe's global competitors, such as the US and China, are innovating quickly and applying their ways of data access and use. To become a leader in the data economy, the EU should find a European way to unleash potential and set standards.

Rules to protect privacy, transparency and fundamental rights

MEPs said rules should be based on privacy, transparency and respect for fundamental rights. The frree sharing of data must be limited to non-personal data or irreversibly anonymised data. Individuals must be in full control of their data and be protected by EU data protection rules, notably the General Data Protection Regulation (GDPR).

The committee called on the Commission and EU countries to work with other countries on global standards to promote EU values and principles and ensure the Union’s market remains competitive.

European data spaces and big data infrastructure

Calling for the free flow of data to be the guiding principle, MEPs urged the Commission and EU countries to create sectoral data spaces that will enable the sharing of data while following common guidelines, legal requirements and protocols. In light of the pandemic, MEPs said that special attention should be given to the Common European Health Data Space.

As the success of the data strategy depends largely on information and communication technology infrastructure, MEPs called for accelerating technological developments in the EU, such as cybersecurity technology, optical fibres, 5G and 6G, and welcomed proposals to advance Europe's role in supercomputing and quantum computing. They warned that the digital divide between regions should be tackled to ensure equal possibilities, especially in light of the post-Covid recovery.

Environmental footprint of big data

While data has the potential to support green technologies and the EU's goal to become climate neutral by 2050, the digital sector is responsible for more than 2% of global greenhouse gas emissions. As it grows, it must focus on lowering its carbon footprint and reducing E-waste, MEPs said.

EU data sharing legislation

The Commission presented a European strategy for data in February 2020. The strategy and the White paper on artificial intelligence are the first pillars of the Commission's digital strategy.

Read more about artificial intelligence opportunities and what the Parliament wants.

The industry, research and energy committee expects the report will be taken into account in the new Data Act that the Commission will present in the second half of 2021.

Parliament is also working on a report on the Data Governance Act that the Commission presented in December 2020 as part of the strategy for data. It aims to increase data availability and strengthen trust in data sharing and in intermediaries.

Parliament is set to vote on the committee report during a plenary session in March.

A European strategy for data 

• Committee report 
• Commission communication 
• Check legislative progress 

Data Governance Act: European data governance 

• Committee report 
• Commission proposal 
• Check legislative progress 
• Briefing