European Commission should stand firm on free #data flows

The European Commission is losing its nerve over the free flow of data. After initially saying it would announce a regulation to overturn national laws preventing data flows to other member states, it has kicked the issue into the long grass by relegating it to a public consultation. This is disappointing. Data flows are an essential part of trade in a great many services, and data localization is a trade barrier. To support the single market, the European Union should remove legal obstacles to data flows within the EU. It should also relax the rules in the General Data Protection Regulation (GDPR) governing transfers to non-EU countries. Doing so will bring down costs for European companies and consumers, strengthen competition in data-driven services, and bolster international trade, writes Nick Wallace.
The Commission originally planned to announce legislation on November 30, 2016, but less than a week before the due date, Vice President Andrus Ansip postponed it, saying, “It seems more complicated than I thought.” He said there would be a communication on the initiative in January, “then somewhere in June we will continue with the regulation… First communication, then concrete action.” Unfortunately, the communication that came—“Building the European Data Economy”—does not suggest that whatever is on the way is especially concrete. It makes little sense to launch a consultation that can only weaken what could otherwise have been a straightforward regulatory proposal. Bear in mind that any draft legislation would most likely be watered down as it goes through the Parliament and the Council anyway.
Vice President Ansip’s well-intended idea, repeated in the communication, that data flows should be a “fifth freedom” of the EU after people, capital, goods, and services ignores the crucial point that data is not separable from any of these four freedoms. For any of them to cross European borders without restraint, there needs to be a corresponding flow of data in the opposite direction—especially for services—because transactions are increasingly underpinned by larger and richer datasets.
But in talking about a “fifth freedom,” the Commission risks creating a rod for its own back by making it easier for opponents to misrepresent the free flow of data as new legal territory for the EU—a constitutional land-grab. The free flow of data is merely a simple and necessary regulatory measure to support the fundamental principles of the European single market.
The communication highlights the fact that data localization does nothing to guarantee privacy or security, but then contradicts itself by saying that the lack of cross-border security standards might justify data localization rules for data on critical energy infrastructure. This does not make sense: either data localization enhances the security of this data or it does not. The correct answer is that it does not.
The communication also suggests that localization of some data might be justifiable in order to guarantee that law enforcement agencies can access it, thus simultaneously highlighting and ignoring the inadequacy of Mutual Legal Assistance (MLA) in the EU, which should ensure cross-border cooperation in criminal investigations, particularly evidence sharing. Data localization laws exacerbate this problem by weakening the impetus to tackle it at its source. Furthermore, all EU countries have laws requiring disclosure of certain types of data to the authorities, but few require data localization in order to guarantee it: If the UK’s Investigatory Powers Act 2016 can enforce such an extreme surveillance regime without data localization, then why should Germany’s telecoms surveillance law require it?
Furthermore, the Commission should not allow national governments to pass laws that supersede GDPR rules on data flows to non-EU countries. France has outlawed all transfers of French citizens’ personal data to countries outside the EU, thereby throwing up a unilateral trade barrier and making a joke of the very notion of having a common European policy on this matter in the first place.
The EU should also ease the GDPR’s restrictions on international data flows, which force spending on unnecessary data centers, driving up hosting costs and harming competition between European and non-European cloud services providers. Properly encrypted data can be safely stored almost anywhere, even if the host country’s privacy practices resemble those of Airstrip One, and inadequately secured data is not safe anywhere, at home or abroad. This goes without even mentioning that the most likely primary destination of this data is the United States, where, irrespective of legal differences, de facto privacy protections “on the ground” are arguably stronger than in much of Europe. Storing data in the EU as a response to illegal snooping by the NSA does not protect privacy, but it does conveniently distract from the fact that British, German, French, Belgian, and Swedish intelligence agencies do the same and worse.
The Commission should stop wavering and draft legislation that completely outlaws national prohibitions on data flows to other member states. Instead of a consultation on intra-EU data flows, the Commission should invite opinions on restrictions to data transfers outside of the EU and their impact on the European economy, as well as seek comments on the long-term viability of adequacy rules and agreements like Safe Harbor and Privacy Shield. When the GDPR comes into effect next year, the Commission should also file infringement proceedings, under Article 258 of the Lisbon Treaty, against member states with laws that obstruct the mechanisms for international data flows established in GDPR Chapter V. These three measures would help to bolster the development of the digital single market and strengthen European competitiveness in the international data economy.

Greater protection, innovation and growth in the UK’s data sector as announced by the UK's Digital Secretary

The Information Commissioner’s Office (ICO) is set for an overhaul to drive greater innovation and growth in the UK’s data sector and better protect the public from major data threats, under planned reforms announced by the Digital Secretary Oliver Dowden.

Bridget Treacy, partner (UK privacy and cybersecurity practice), Hunton Andrews Kurth, said: “The UK government has signalled an ambitious vision for reforming the UK’s data protection laws, simplifying the current regime, reducing red tape for business and encouraging data-led innovation. After careful analysis, the government believes it can significantly improve the UK’s data privacy regime and how it works in practice, while retaining high standards of protection for individuals. Far from attempting to replace the current regime, this looks like an attempt to fine tune it, making it better able to serve the needs of all stakeholders and a better fit for the digital age. 

“Taking a fresh look at international data flows is long overdue, and here it will be interesting to see how creative the UK government is prepared to be. Global data flows are an inevitable part of global commerce and the Covid-19 pandemic highlighted the need for global collaboration in research and innovation. The UK government wants to enable trusted and responsible data flows, without reducing protection for individuals, and without needless red tape. A more agile, flexible, risk-based and outcomes-driven approach for determining adequacy may improve data protection overall. But here the government will need to take particular care, assuming it wishes to retain the UK’s adequacy status in the EU.

“It appears that even the Information Commissioner’s Office will be the subject of reform, with proposals to modernize the governance structure of the data protection regulator, set clear objectives and to ensure greater transparency and accountability. The ICO is a highly respected data protection regulator, offering much admired global leadership on difficult issues. Care will be needed to ensure the ICO’s much vaunted and highly valued independence is not compromised by the proposed reforms.

“Overall, this looks like a thoughtful attempt to improve the UK’s existing data protection regime, not through radical change, but by building on and fine tuning the existing framework to make it a better fit for our digital age. Organizations should welcome the opportunity to contribute to this consultation.”

Bojana Bellamy, president of Hunton Andrews Kurth’s Centre for Information Policy Leadership (CIPL), a pre-eminent global information policy think tank located in Washington, DC, London and Brussels said: “The UK government vision is a positive development and is much needed to address the opportunities and challenges of our digital age. The plans should be welcomed in both the U.K. and in the EU. This is not about lowering the level of data protection or getting rid of GDPR, it is about making the law actually work in practice, more effectively and in a way that creates benefits for all – organisations using data, individuals, regulators and the UK society and economy. Laws and regulatory practices need to evolve and be agile just like the technologies they are trying to regulate. Countries that create the flexible and innovative regulatory regimes will be better placed to respond to the Fourth Industrial Revolution we are witnessing today.

“There is no doubt that some aspects of the GDPR do not work well, and some areas are unhelpfully obscure. For example, the rules for data use in scientific and industrial research and innovation are cumbersome to locate and analyse, hindering use and sharing of data for these beneficial purposes; it is difficult to use personal data for training AI algorithms to avoid bias; individuals’ consent to data processing has been rendered meaningless through over-use; and international data flows have become mired in red tape.

“The UK government’s bold vision to simplify the current data protection regime, reduce red tape, put more onus on organisations to manage and use data responsibly, and to reinforce the pivotal role of the UK privacy regulator is the right way forward. It achieves both effective protection for individuals and their data and enables data driven innovation, growth and societal benefits. Other governments and countries should follow the UK lead.

“It is high time to revamp the rules for international data flows and the UK Government is absolutely right to focus on enabling trusted and responsible data flows. Businesses in all sectors will welcome a more seamless regime for data transfers and adequacy decisions in respect of more countries. Corporate data privacy officers divert too much resource to addressing the legal technicalities of data flows from the EU, especially in the aftermath of the EU Schrems II judgement. Consumers and businesses would be better served by organisations focusing on privacy by design, risk impact assessments and building comprehensive privacy management programmes fit for the new digital economy. 

“It is encouraging that the government recognizes the UK Information Commissioner’s Office as a key digital regulator in the UK, with a critical remit of protecting both individuals’ information rights and enabling responsible data driven innovation and growth in the UK. The ICO has been a progressive regulator and influencer in the global regulatory community. The ICO must be given the resources and tools to be strategic, innovative, engaging early on with organisations using data and encouraging and rewarding best practices and accountability.”

New rules on open data and reuse of public sector information start to apply

17 July marked the deadline for member states to transpose the revised Directive on open data and reuse of public sector information into national law. The updated rules will stimulate the development of innovative solutions such as mobility apps, increase transparency by opening the access to publicly funded research data, and support new technologies, including artificial intelligence.

A Europe fit for the Digital Age Executive Vice President Margrethe Vestager said: “With our Data Strategy, we are defining a European approach to unlock the benefits of data. The new directive is key to make the vast and valuable pool of resources produced by public bodies available for reuse. Resources that have already been paid by the taxpayer. So the society and the economy can benefit from more transparency in the public sector and innovative products.”

Internal market Commissioner Thierry Breton said: “These rules on open data and reuse of public sector information will enable us to overcome the barriers that prevent the full re-use of public sector data, in particular for SMEs. The total direct economic value of these data is expected to quadruple from €52 billion in 2018 for the EU Member States and the UK to €194 billion in 2030. Increased business opportunities will benefit all EU citizens thanks to new services.”

The public sector produces, collects and disseminates data in many areas, for example geographical, legal, meteorological, political and educational data. The new rules, adopted in June 2019, ensure that more of this public sector information is easily available for re-use, thus generating value for the economy and society. They result from a review of the former Directive on the re-use of public sector information (PSI Directive). The new rules will bring the legislative framework up to date with recent advances in digital technologies and further stimulate digital innovation. More information is available online.  

EU can be €2 trillion better off by 2030 if cross-border data transfers are secured

DigitalEurope, the leading trade association representing digitally transforming industries in Europe, which has a long list of corporate members including Facebook, is calling for an overhaul of the General Data Protection Regulation (GDPR). A new study commissioned by the lobby shows that policy decisions on international data transfers now will have significant effects on growth and jobs across the whole European economy by 2030, impacting Europe’s Digital Decade goals.

Overall, Europe could be €2 trillion better off by the end of the Digital Decade if we reverse current trends and harness the power of international data transfers. This is roughly the size of the entire Italian economy any given year.

The majority of the pain in our negative scenario would be self-inflicted (around 60%). The effects of the EU’s own policy on data transfers, under the GDPR and as part of the data strategy, outweigh those of restrictive measures taken by our major trade partners.

All sectors and sizes of the economy are impacted across all Member States. Data-reliant sectors make up around half of EU GDP. In terms of exports, manufacturing is likely to be hit the hardest by restrictions on data flows. This is a sector where SMEs make up a quarter of all exports.

"Europe stands at a crossroads. It can either set the right framework for the Digital Decade now and facilitate the international data flows that are vital to its economic success, or it can slowly follow its current trend and move towards data protectionism. Our study shows that we could be missing out on around €2 trillion worth of growth by 2030, the same size as the Italian economy. The growth of the digital economy and the success of European companies is dependent on the ability to transfer data. This is especially so when we note that already in 2024, 85 per cent of the world’s GDP growth is expected to come from outside the EU. We urge policymakers to use the GDPR data transfer mechanisms as it was intended, namely to facilitate – not to hinder – international data flows, and to work towards a rule-based agreement on data flows at the WTO."
Cecilia Bonefeld-Dahl, Director General of DIGITALEUROPE

Policy recommendations

The EU should:
Uphold the viability of GDPR transfer mechanisms, for example: standard contractual clauses, adequacy decisions
Safeguard international data transfers in the data strategy
Prioritise securing a deal on data flows as part of the WTO eCommerce negotiations

Key findings

In our negative scenario, which reflects our current path, Europe could miss out on:
€1.3 trillion extra growth by 2030, the equivalent to the size of the Spanish economy;
€116 billion exports annually, the equivalent to Sweden’s exports outside the EU, or those of the ten smallest countries of the EU combined; and
3 million jobs.

In our optimistic scenario, the EU stands to gain:
€720 billion extra growth by 2030 or 0.6 per cent GDP per year;
€60 billion exports per year, over half coming from manufacturing; and
700,000 jobs, many of which are highly skilled.

The difference between these two scenarios is €2 trillion in terms of GDP for the EU economy by the end of the Digital Decade.

The sector that stands to lose the most is manufacturing, suffering a loss of €60 billion in exports.

Proportionately, media, culture, finance, ICT and most business services, such as consulting, stand to lose the most – about 10 per cent of their exports. However, these same sectors are those that stand to gain the most should we manage to change our current direction.

A majority (around 60 per cent) of the EU’s export losses in the negative scenario come from an increase in its own restrictions rather than from third countries’ actions.

Data localisation requirements could also hurt sectors that do not participate heavily in international trade, such as healthcare. Up to a quarter of inputs into the provision of healthcare consist of data-reliant products and services.

In the major sectors affected, SMEs account for around a third (manufacturing) and two-thirds (services such as finance or culture) of turnover. Exports by data-reliant manufacturing SMEs in the EU are worth around €280 billion. In the negative scenario, exports from EU SMEs would fall by €14 billion, while in the growth scenario they would increase by €8

Data transfers will be worth at least €3 trillion to the EU economy by 2030. This is a conservative estimate because the model’s focus is international trade. Restrictions on internal data flows, e.g. internationally within the same company, mean this figure is likely much higher.

More information on the study
The study looks at two realistic scenarios, closely aligned with current policy debates. The first, ‘negative’ scenario (referred to throughout the study as the ‘challenge scenario’) takes into account current restrictive interpretations of the Schrems II ruling from the Court of Justice of the EU, whereby data transfer mechanisms under the GDPR are made largely unusable. It also takes into account an EU data strategy that places restrictions on the transfers of non-personal data abroad. Further afield, it considers a situation where major trade partners tighten restrictions on the flow of data, including through data localisation. The study identifies sectors in the EU that rely heavily on data, and calculates the impact of restrictions to cross-border transfers on the EU economy up to 2030. These digitising sectors, across a variety of industries and business sizes, including a large proportion of SMEs, make up half of EU GDP.