As a consumer, do you feel that your privacy is better protected now than it was two years ago? As a business, do you feel that there is more trust between you and your customers than in 2012? If your answer in both cases is no, then today is the right moment to consider why.
It is European Data Protection Day 2014. Barring a handful of specialist conferences, you probably won’t notice. But in Brussels, a more significant event is taking place – Viviane Reding, vice-president of the European Commission and architect of the Data Protection Regulations two years ago, is giving a major speech to mark the day.
She will describe the regulations as the “gold standard” for data protection and will announce that it is “full speed ahead” to reach an agreement by the 27 EU Member States by the end of this year. If you thought that the 3,000-plus amendments which had been tabled, combined with the objections of US technology firms, had parked the whole matter, think again.
Instead, a timetable has been agreed which will speed up the introduction of the Regulation. The last critical hurdle to be taken is the first reading by the European Parliament, scheduled for just three months’ time in April. That will be the last point at which any political pressure to revise or drop the proposals will be possible and it currently seems highly likely that a majority of MEPs (possibly excluding the British members) will vote in favour.
Reding will point out that, despite media coverage of the debate on the Regulations so far having given an impression of delays, the existing Data Protection Directive took five years to negotiate. At just two years (and counting), the new Regulation is racing through the process by comparison.
Among the commercial organisations which rely on personal information that I have spoken to about the Regulation, there is far less fear than the lobbying groups have tried to whip up. Instead, there is a pragmatic realisation that the new laws will shift the balance of power a little more in favour of the individual, something that is both inevitable and in some ways to be desired.
Certainly Reding continues to argue that the Regulation will be to the benefit of the consumer – by providing better protection of the fundamental rights to privacy and data protection - and that commerce will also be a beneficiary as a result, because the rules of engagement will be much clearer and also fit for purpose in the digital era. Nobody would argue that the existing Directive can continue unchanged, not least because it was written before the internet became the force it is today.
Only one thing has really changed between Reding tabling the Regulation in 2012 and giving her speech today. The revelations about state data gathering on citizens and politicians has revealed a dramatic new threat to privacy which lies well outside of the commercial realm.
On this subject, Reding is taking an interesting tack. She is not proposing anything as blunt as fresh trade negotiations between the EU and the US to get NSA data capture minimised. Instead, she is hoping to hit American interests where they are most sensitive – on the bottom line.
The loss of consumer trust in the wake of the NSA exposures could see up to $35 billion lost to the American cloud services sector over the next three years, claims Reding. If those American technology giants want to retain this revenue stream, then they need their own government to sign up to an umbrella agreement giving EU citizens the same data protections when their information is held in America as they have in Europe and to revisit the Safe Harbour framework to make it safe again.
It is a shrewd manoeuvre and one which demonstrates why Reding will likely get her way with the Regulation (and will probably accede to the Commission presidency later this year). Looking back, it could turn out that European Data Protection Day 2014 ended up being one of the most significant yet.