Reding and Privacy
Viviane Reding is Vice-President of the European Commission, Responsible for Justice, Fundamental Rights and Citizenship. She has been a member of the European Commission since 1999 and previously served as a member of the European Parliament form 1989-1999 and as a member of the Luxembourg Parliament from 1979-1989.
Reding recently helped spearhead Global Board Ready Women, an initiative to ensure that there are more women on corporate boards in Europe in collaboration with the Global Telecommunications Women’s Network and other women’s groups, and leading European business schools.
Reding wrote this essay for The Mobile Century.com, a webzine being launched at this year's Mobile World Congress in Barcelona by the Global Telecommunications Women’s Network.
Anonymized data collected by mobile operators could be used to pinpoint where people are moving en masse during disease outbreaks to better target relief efforts; to help policymakers better understand issues like hunger and poverty; and to manage disasters in real time.
But abuses by businesses and governments abound and there is danger of a consumer backlash. A hardening of consumer attitudes, coupled with tightening regulation, could diminish the supply of personal data, undermining not just the Internet economy but big data analytics that could be used to help solve some of the world’s most pressing problems.
Mobile operators, device manufacturers, operating system vendors, application developers, and social networking and Internet companies have been working to help establish universal guidelines and approaches to data privacy that address consumer concerns and foster confidence and trust for mobile users. But recent revelations of unbridled surveillance by the U.S.’s National Security Agency have rattled consumers and there is as yet no global consensus on how to best approach oversight and enforcement to prevent such abuses in the future.
In her essay, Reding expresses strong ideas about how Europe should approach data privacy.
- We need the data protection reform in the EU statute book. I wish to see full speed on data protection in 2014. The European Parliament is overwhelmingly in favor of it. Member States need to take a position on this now. It is high time to take the final steps.
- The reform should not distinguish between private and public sectors. Citizens would simply not understand applying different principles in times when the public sector collects and collates data on the same scale as the private sector. It is also a very difficult distinction to draw when a local authority can buy storage space on a private cloud.
- Laws setting out data protection rules or affecting privacy require public debate because they relate to civil liberties online. Take the Polish experience. ACTA [the Anti-Counterfeiting Trade Agreement] was not publicly debated and both citizens and Polish Members of the European Parliament refused to accept the agreement. Poland has learned from this experience: today, data protection reform is the subject of a wide public information campaign. It has led to constructive exchanges and a joint position paper by the private employers' association and the leading civil liberties NGO.
- Data collection should be limited to what is proportionate. If this element of proportionality is lost, citizens' acceptance will be lost as well. Blanket surveillance of electronic communications data is not acceptable. It amounts to arbitrary interference in the private lives of citizens. Citizens should not all be treated like suspects.
- Laws need to be clear and kept up to date. I was struck by the reaction of the author of the U.S. Patriot Act, Congressman Jim Sensenbrenner, to the NSA revelations: "This is not what the Patriot Act was meant to do!" Technological change allowed the Patriot Act to be applied in ways that had not been imagined at the time it was written. States cannot rely on out-dated rules, drafted in a different technological age, to frame modern surveillance programs.
- National security should be invoked sparingly. It should be the exception, rather than the rule. The need to protect national security can justify special rules. But not everything that relates to foreign relations is a matter of national security.
- Without a role for judicial authorities, there can be no real oversight. Executive oversight is good. Parliamentary oversight is necessary. Judicial oversight is key. Ultimately, whether processing is legitimate is a question of balance between different imperatives, the need to protect privacy and the importance of maintaining security. The judiciary is necessary to ensure that the pendulum does not swing too far.
Data Protection rules should apply irrespective of the nationality of the person concerned. Applying different standards to nationals and non-nationals depending on their nationality and place of residence impedes the free flow of data. Europe should be very proud of the fact that it treats data protection as a fundamental right on which every human being can rely.
The Data Protection Compact would enable Europeans to exercise our right of digital self-determination. Not to depend on decisions made elsewhere, but to decide ourselves how we want to protect the personal data of our citizens, while keeping our internal market open and competitive.