Telefónica Senior Advisor, Chair of ETNO WG on Data Protection, Trust & Security
Today we are celebrating the 10th edition of the Data Protection Day.
Why on 28th January? This date was decided by the Committee of Ministers of the Council of Europe in 2006 and marks the anniversary of the opening for signature of the Council of Europe’s Convention 108 for the Protection of individuals with regard to automatic processing of personal data (CoE Convention 108), opened for signature by the Council of Europe on 28th January 1981.
CoE Convention 108 was the first legally binding international law in the field of Data Protection and over 30 years has been a cornerstone of data protection principles worldwide. Currently, the Data Protection Day -also called Privacy Day- is celebrated not only in Europe, but also in Canada and in the United States.
Every year, the Data Protection Day is the occasion for Data Protection Agencies, Public Administrations, European Institutions and private sector to organize awareness-raising campaigns.
In the last years, European Commission has been very active in “adverstising” its work in the field of data protection, stressing the importance of the modernisation of the EU data protection rules in order to catch up with the requirements and expectations of the digital age. Today, once the comprehensive reform package that the Commission proposed in 2012 has been agreed upon by EU Co-Legislators, the Data Protection Day has more sense than ever.
Once the agreement on the new rules on data protection has been achieved, other issues require full attention:
- Transatlantic data flows, a much broader picture than Schrems or Safe Harbour as in light of today’s globalized economy and society, where international transfers of data are not an exception, but the general rule, citizens, companies and Data Protection Agencies need streamlined and sustainable solutions allowing transfers of data while ensuring “adequate” levels of protection.
- Big Data Analytics as a catalyst for economic growth in the form of Cloud services, the Internet of Things or research and data mining, as stressed by the Digital Single Market Strategy. Back in 2014, the Podesta Report to President Obama already presented some recommendations to encourage the potential of Big Data technologies while minimizing risks to privacy and fundamental values. Its subtitle “Seizing opportunities, preserving values” remains valid and more relevant than ever at both sides of the Atlantic.
- Access to personal data for Law Enforcement and Surveillance purposes. In the fight against terrorism, LEAs and Intelligence Agencies are eager to monitor communications and Internet activity of any person suspected of links with terrorism.
- Encryption. Encrypted traffic apparently protects privacy, but it limits the ability of telecom operators to manage networks and endangers public service obligations. Furthermore, opaque proxies could facilitate vertical integration of the dominant companies in Internet.
- Review of the ePrivacy Directive. A clear framework for confidentiality of communications is necessary as this is an integral element of the right to privacy, which governs all services enabling communications, not only providers of publicly available electronic communications. This issue was stressed by the European Data Protection Supervisor (EDPS) last summer: “This must be done by means of a legally-certain and harmonising regulation which provides for at least the same standards of protection under the ePrivacy Directive in a level-playing field”. Otherwise, the reform package will be incomplete. The review of the ePrivacy Directive needs to achieve the necessary level playing field that the General Data Protection Regulation (GDPR) has not achieved. Indeed, the GDPR has missed a unique opportunity to achieve a fully technologically neutral legal framework and as long as the ePrivacy Directive coexists with the GDPR, there will be no real level playing field. And this level playing field is necessary not only for all businesses to compete on equal footing but for customers and citizens, so that their personal data is granted the same level of protection, regardless of the geographical location or the economic sector of the service provider (“same services, same rules”). The review of ePrivacy Directive will give a second window of opportunity to achieve a framework, technologically neutral, future-proof and flexible enough to allow the development of new services in Europe while maintaining Europe’s high standards in the protection of personal data.