09 December 2014. Brussels’ 5th Annual European Data Protection & Privacy Conference today was notable more for what was not said rather than its explicit content. I happened to say the name Edward Snowden a few times in conversation, and each mention was met with a short silence, followed by a rapid change of subject.
Snowden was obviously a touchy matter. But I wasn’t surprised. This was a conference for the private sector after all, which in both the EU and the US is struggling to make sense of the rapid political attitude-changes taking place since the ex-NSA staffer blew his whistle.
The conference was timed to coincide with the ongoing work on the European Data Protection package, which remains something of a European-agreement-in-process. MEP Jan Albrecht reminded us that with the latest proposals before the European Council, that august body would have to complete its work by March 2015 if the European Parliament is to have a hope of signing it off by the end of next year.
The proposals fell under the Co-decision procedure, he said, and considering the sensitivity of the issue for European voters, we could be sure that MEPs would insist on their right to have the final say.
Since other speakers had pointed out the difficulty of getting 28 member states to agree on anything, let alone an issue of this sensitivity, a pessimistic onlooker might assume that there is little chance of any agreement by the end of 2015, let alone the original target date of end-2014.
But General Counsel Kelly Walsh for the US Department of Commerce urged us on, pointing out the potential benefits of what he called ‘Big Data’ in driving innovation and digital business. He cited in particular the health sector, saying that the advantages of Big Data may outweigh the concerns we have today.
He was not so reassuring on the privacy issue. When you have “software that is capable of monitoring students’ key-strokes and eye movements while at the computer”, I wondered if any kind of privacy at all is possible. I wanted to ask him how we protect Big Data from Big Brother, but apparently there was no time for questions.
However ex-Commissioner and now MEP Viviane Reding was there to champion European citizens’ fundamental rights. ”People will not give access to their data if they fear it is being misused,” she said, pointing to the slowdown in the cloud-computing sector as the perfect example. In this way, she said, data misuse distorts the market.
Kostas Rossoglou, Senior Legal Officer for the consumer-protection organisation BEUC, agreed. The real problem right now, he said, is a crisis of trust, with large numbers of European voters feeling that governments are putting their own agencies and big business before the needs of the ordinary consumer. “Safe Harbour is not safe”, he declared, emphasising that progress in this area will be difficult until consumers feel secure about the direction the industry is taking.
Industry is obviously aware of the problem, I thought, noting Microsoft’s full-page ad on page 4 of the programme asking readers if they are “Concerned that you’re not the only one checking your email?” The company is asking USgov to follow internationally agreed procedures to obtain emails (from its Irish data centre), rather than simply forcing tech companies to hand them over.
Governments need to strike the right balance between public safety and privacy concerns, Microsoft says. Very true. But for me perhaps the most telling intervention of all came from Mr Rossoglou again.
He reminded us that we are talking about personal rights and that, ultimately, individuals must retain the rights over their own personal data. This concept of EU fundamental rights over personal data has been incorporated into EU law for over 20 years, he said, and will not change. The discussion should be about how to comply, rather than how to modify.
© Philip Hunt, 2014.
Photos – Herman Ricour, Forum Europe.