How the world pro­tects your per­sonal data

More than 120 coun­tries have data pri­vacy laws and many of the mod­ern reg­u­la­tions tend to be based on com­mon el­e­ments

Daily Messenger - - National - By Vera Jourova

The re­cent Face­book Cam­bridge An­a­lyt­ica scan­dal made us re­alise why strong data pro­tec­tion rules are im­por­tant for the so­ci­ety as a whole, in­clud­ing for the very func­tion­ing of the demo­cratic process. Th­ese and other de­vel­op­ments have shown that the pro­tec­tion of pri­vacy is not only a cen­tral in­di­vid­ual right and a demo­cratic im­per­a­tive, but also as an eco­nomic ne­ces­sity. With­out con­sumers’ trust in the way their data is han­dled, our data-driven economies will not thrive. The Gen­eral Data Pro­tec­tion Reg­u­la­tion (GDPR), which came into force on May 25, is the Euro­pean Union’s re­sponse to th­ese chal­lenges and op­por­tu­ni­ties. It seeks to cre­ate a vir­tu­ous cir­cle be­tween bet­ter pro­tec­tion of pri­vacy as a fun­da­men­tal right, en­hanced con­fi­dence of con­sumers in how the pri­vacy and se­cu­rity of their data is guar­an­teed, in par­tic­u­lar in the on­line world, and eco­nomic growth.

While build­ing on foun­da­tions that have been in place for more than 20 years, un­der the di­rec­tive of 1995, the GDPR con­tains im­por­tant in­no­va­tions. Many of th­ese changes are rel­e­vant to for­eign com­pa­nies do­ing busi­ness in Europe. They will now of­fer their goods and ser­vices in a har­monised and sim­pli­fied reg­u­la­tory en­vi­ron­ment. In­stead of hav­ing to deal with 28 dif­fer­ent data pro­tec­tion laws and 28 dif­fer­ent reg­u­la­tors, one set of rules will ap­ply and will be in­ter­preted uni­formly through­out the con­ti­nent. Obli­ga­tions to no­tify data pro­cess­ing op­er­a­tions or prior-autho­ri­sa­tion from data pro­tec­tion au­thor­i­ties will be scrapped. A num­ber of key con­cepts are clar­i­fied and adapted to the needs of the dig­i­tal econ­omy. In­ter­na­tional data trans­fers from the EU will be sim­pli­fied and fa­cil­i­tated. All this will mean in­creased le­gal cer­tainty and a sig­nif­i­cant re­duc­tion in com­pli­ance costs and red tape. Based on mod­ern ap­proach

The GDPR is also based on a mod­ern ap­proach to reg­u­la­tion which re­wards new ideas, meth­ods and tech­nolo­gies to ad­dress pri­vacy and data se­cu­rity. The prin­ci­ples of data pro­tec­tion “by de­sign” and “by de­fault” will cre­ate in­cen­tives to de­velop in­no­va­tive so­lu­tions from the ear­li­est stages of de­velop- ment. The so-called “risk- based ap­proach” means that com­pa­nies that limit the level of risk of their pro­cess­ing op­er­a­tions will not be sub­ject to a num­ber of obli­ga­tions. Co-reg­u­la­tory tools, such as codes of con­duct or cer­ti­fi­ca­tion mech­a­nisms, are in­tro­duced to help com­pa­nies man­ag­ing and demon­strat­ing com­pli­ance. New rights and safe­guards, such as the right to porta­bil­ity or the no­ti­fi­ca­tion of data breaches, will put in­di­vid­u­als in bet­ter con­trol of their data. Em­pow­er­ing con­sumers means also en­sur­ing that they feel safer and more confident when shar­ing their data. Th­ese are just a few ex­am­ples of how the ef­fec­tive pro­tec­tion of a fun­da­men­tal right can go hand in hand with un­leash­ing the full po­ten­tial of the dig­i­tal econ­omy.

Th­ese de­vel­op­ments are of course not limited to Europe. To­day, more than 120 coun­tries, from al­most all re­gions of the globe, have data pri­vacy law in place. And many of the new or mod­ernised laws tend to be based on com­mon el­e­ments: a com­pre­hen­sive leg­is­la­tion (rather than sec­to­rial rules), a set of en­force­able rights, the set­ting up of an in­de­pen­dent su­per­vi­sory author­ity, etc. While im­prov­ing the level of pro­tec­tion of per­sonal data when trans­ferred abroad, this de­vel­op­ing con­ver­gence of­fers new op­por­tu­ni­ties to fa­cil­i­tate trade as well as cooperation be­tween pub­lic au­thor­i­ties, both of which in­creas­ingly rely on the ex­change of per­sonal data.

The Euro­pean Com­mis­sion is com­mit­ted to in­ten­si­fy­ing its di­a­logue with its global part­ners in this area, to pro­mote and de­velop el­e­ments of con­ver­gence be­tween pri­vacy regimes. This in­cludes the pos­si­bil­ity of adopt­ing ad­e­quacy find­ings al­low­ing un­hin­dered data flows, as cur­rently be­ing dis­cussed with Ja­pan and South Korea. It in­volves con­tribut­ing to the elab­o­ra­tion of much-needed in­ter­na­tional stan­dards such as in the frame­work of the Coun­cil of Europe’s Convention 108 which has an in­creas­ingly univer­sal mem­ber­ship. Fos­ter­ing con­ver­gence also means learn­ing from each other through the ex­change of ex­pe­ri­ence and best prac­tices. This type of di­a­logue is es­sen­tial in our in­ter­con­nected world if we want to ad­dress chal­lenges that are in­creas­ingly global in na­ture and scope.

Newspapers in English

Newspapers from Pakistan

© PressReader. All rights reserved.