Posts Tagged ‘Neelie Kroe’
December 8th, 2011
How quickly things change in politics. In June, European Commission vice-president and Justice Commissioner Viviane Reding announced that she would introduce new rules that would make data breach reporting mandatory.
At the time, advice given was that these regulatory changes would be enacted by end-January 2012.
Six months later, the EU inertia, fuelled by intense lobbying and national political interests, has become clearly visible.
Now, the proposals for new legislation that will revise the 1995 Data Protection Directive are to be published at the end of next January, although many believe the process may take longer as the EU Justice Department needs to confer further with other national justice departments.
When these changes will become European law is in the lap of many gods. Don’t hold your breath.
Neelie Kroe, ,EU Commissioner for the Digital Agenda, is a key player in the process of drafting the new laws with Commissioner Reding and her agenda is to dismantle the barriers that block the free flow of online services and entertainment across national borders.
She wants to update EU Single Market rules for the digital era and through this to boost the music download business, establish a single area for online payments, and further protect EU consumers in cyberspace.
According to the Financial Times, which has seen draft proposals, the changes proposed by Commissioner Reding include fines of up to 5 per cent of global turnover for businesses breaching data protection rules, a deadline of 24 hours for notifying data protection authorities and affected parties, and a requirement for all companies with more than 250 employees to dedicate staff to data protection issues.
Commissioner Reding has been active this week, outlining in indicative and different forms the thinking behind the new EU rules. The difference is in the detail.
On Tuesday (December 6th) at the European Data Protection and Privacy Conference in Brussels, Commissioner Reding said: “In a world of ever-increasing connectivity, our fundamental right to data protection is in this moment seriously tested. Although the basic principles and objectives of the 1995 Directive remain valid, the rules need to be adapted to new technological challenges.”
She made no explicit reference to the idea of levying fines on organisations that allow data to be stolen.
The next day, at the GSMA Europe conference on cloud computing in Brussels, Commissioner Reding said that cloud computing brought both businesses and consumers enormous potential for growth but legislation needed to be brought up to date.
She said: “Technological advances in 2011 represent one of the biggest challenges to data protection and data security of our citizens. This is why we have to equip ourselves now and for the future. And this is why we have to adapt our current, European legislation on data protection, which is more than 15 years old, so that it meets these new challenges and any new situations.”
Among the proposals is a commitment to ensure users can remove their photos, videos or contacts from a cloud service without leaving any digital trace because “their profiles belong to them, not to the company”.
And there is the difference. Commissioner Reding is addressing her constituency, assuring them that their privacy concerns are heard and being addressed. At the same time, she is attempting to impose a regulatory system that forces organisations to report data breaches. Neither of these ideas is fleshed out in her public engagements this week and there are contradictions between the two thoughts she spoke around.
She said: “Reliable and consistent rules are essential if we want the digital economy and our digital single market to grow. These rules make people feel comfortable about using new technologies and services. We need a framework for privacy that protects individuals and boosts the digital economy.”
The central contradiction nestles between thought and action. Currently, there are inadequate reporting and compliance strategies being deployed by too many organisations. Further, they do not have the means to protect and deflect assaults on the data they store.
Leaving aside the weird concept of “our digital single market”, Commissioner Reding’s words surely give little comfort to neither consumer nor business because they are vague, offering no technology solutions and without a timetable.
This means that they are just this side of dirigiste. It would help if the EU Commissioners used the internet to connect with each other and exchange knowledge about what is need in the changing sphere of network security. Then discuss this with us.
Organisations and voters need clear advice on the best ways to protect their information and privacy. The EU and every nation state have been remiss in offering this advice.
Meanwhile, the EU is also negotiating a data protection agreement with the United States. Best of luck with that, people.