EU needs 'forward thinking' data protection regulation

In a world of increasingly fast paced technological developments, Europe must implement data protection legislation that is effective in the long term, writes Marju Lauristin.

By Marju Lauristin

11 Mar 2015

The role of privacy and data protection is of outstanding importance today. In a globalised economy and an interconnected world built around online communication, personal data is available, stored, used and evaluated on a daily basis and on an unprecedented scale. Over the coming decades, humanity will have to decide how to make use of all this information without betraying the fundamental rights and norms which have been such a struggle to develop.

The reason we urgently need a new legal framework is clear when you consider that 20 years ago - when the 1995 data protection directive was adopted - we lived in a world of balance sheets, big heavy computers and the first mobile phones.

Now, we have smartphones, social media, online shopping and online communication in all its forms. Public and private databases of sometimes highly sensitive data have cropped up, and information is exchanged within Europe as well as transferred to third countries. How we decide to deal with this will shape our lives in the coming years, in ways we cannot even begin to fully comprehend.

"Certainly, we must make our children's security a priority, but we also need to pay closer attention to provisions creating a safe digital environment for elderly people"

We cannot prevent the technological development of information systems or big data, as this would not be compatible with the logic of science. Nevertheless, we must carefully analyse the situation in order to predict how these new developments interact and affect our everyday surroundings and personal rights.

Legislators have a duty to impose reasonable restrictions on the use of new technologies that could have harmful effects on citizens' rights, their safety and their security. In doing so, we must learn lessons from our history of culture and communication, since human communication and human memory are also a form of personal data storage.

Today, we are dealing with two realities - natural and virtual. For example, in our natural reality, we can use insulation to block out noise from our neighbours, but how can we achieve this in our virtual reality? In face to face relationships, we know that normal human interaction requires not only memory, but also the ability to forgive and forget. How can we use this wisdom when communication via computers is conducted with unrestricted capacity to retain information?

But personal data is not just a matter of individual concerns. In the information age, it has become a matter of big business as well as a source of considerable security threats. Therefore, the EU needs a fully updated and forward thinking data protection system. Parliament's text on the regulation for the protection of personal data, which was voted during the plenary session in March 2014, is a well-balanced report that reflects many ideas from different political groups and clearly sets out higher standards compared to the 1995 directive.

As with any infant legal text - in the sense that we are currently in a preliminary phase and must wait for trilogue negotiations to be completed before adopting this piece of legislation - gaps and ambiguities are to be expected, but these can and will be corrected during the talks.

Had I been in charge three years ago, I would have focused more on the standards of ICT development and the need to introduce new in-built technological solutions, given the increasing speed and scope of data processing in our day to day life. Privacy by design and by default are the centrepieces of the text, and if we emphasise this side of things, we can become world leaders on the matter.

"The most important parameter in the privacy issue is culture and the way in which citizens face the new reality of things"

Certainly, we must make our children's security a priority, but we also need to pay closer attention to provisions creating a safe digital environment for elderly people. Following discussions with many stakeholders, NGOs and citizens' groups, I have come to the conclusion that the original commission proposal would be more effective if it was slightly less general but more sectorial. By giving more attention to the diversity of problems, without dropping our universal principles, we could have introduced different means to reach the same purpose. In this context, we should concentrate more on the complexity of issues created between individual rights and public interest. For example, we should make a distinction regarding personal data collected or maintained in databases in the health sector.

On the one hand, pharmaceutical companies collect personal data for commercial purposes, but on the other hand, this information could be used to further valuable research. Of course, sometimes even a fully commercial purpose, such as the sale of a new drug to treat cancer pain, may serve the public interest. In this case, a purely business interest also serves public interest. In a broader context, in both cases, the main beneficiary is our health.

The most important parameter in the privacy issue is culture and the way in which citizens face the new reality of things. Europe means diversity. I come from a country that has heavily invested in technology and eServices. Indicatively, we sign electronically, we vote online, we receive our medical subscriptions online, among other things. Our open approach to the new digital era may differ or seem strange to people from other member states.

The challenge and aim of the new legislation is not to put restrictions on innovative developments, but rather to build up confidence in technology throughout Europe, and enable all European citizens to handle their privacy, reflecting their personal choices and way of life. The law cannot protect the personal data of someone who does not want to be protected, but as legislators, we are obliged to protect those that do.

 

Read the most recent articles written by Marju Lauristin - EU Council presidency: Estonia must make progress on data protection rules