So runs the old adage, 'time and tide wait for no man'. It can be equally applied to technology and its tendency to outpace regulators, in Europe and elsewhere. Two billion people carry smartphones in their pockets, many of which have the processing power of a 1990s supercomputer. Innovation in the form of big data, the internet of things, cloud computing and artificial intelligence have great potential to enhance our lives, whether in preventing the spread of epidemics or reconnecting with lost school friends.
The advances in globalisation are fuelled by the speed, volume and variety of information flows, much of it personal. Some of this information has been volunteered freely. However, with the rapid proliferation of networked devices, from wearable tech to smart cars and fridges, more and more data is being collected and assimilated without knowledge of users.
"Europe's unique selling point […] is that we place the individual and human dignity at the core of our rulebook"
Twenty years ago the European Union recognised the value of these data flows to the internal market when it adopted the data protection directive, with the aim of facilitating, not hindering, the sharing of information. As the directive makes clear, data processing is meant to serve citizens, irrespective of their nationality or residence. Europe's unique selling point in the increasingly vigorous global debate on privacy, digital rights and data protection is that we place the individual and human dignity at the core of our rulebook, their fundamental right to privacy, data protection, and progressing economic and social progress, whether as citizen, consumer or entrepreneur.
Sound data protection rules do not put a brake on economic and technological progress; instead they allow the harnessing of creativity and ensure that it happens in the interests of the individual. Reform of the current data protection framework finally seems to be gaining real momentum.
The European data protection supervisor (EDPS) wants the EU to embrace big data, by offering equally big protection. Our new strategy for 2015-2020 proposes a new deal for data protection in the EU and beyond. We want to see data protection which is digital, global and practical.
Data protection must go digital because trust in those who handle personal information has been severely damaged by revelations of mass surveillance and by the opaque practices of data-hungry companies. We can begin to fix this by embedding transparency, user control and accountability in technological development and legal reforms. Whoever handles personal information must be much clearer about who is responsible for collecting and using that information, why, how and for how long they intend to do so, and with whom they will share the information.
Individuals are entitled to know the logic used by algorithms to determine assumptions and predictions about them. Citizens are entitled to know what is really meant by catch-all expressions like national security and serious crime, which are used to justify wholesale interference with fundamental rights.
"Citizens are entitled to know what is really meant by catch-all expressions like national security and serious crime"
Data protection must also go global, because while most laws are national, information is not. The EDPS will urge Europe to speak with one voice and build new global partnerships to develop common ground on basic principles. Better dialogue with industry and civil society is essential for fair and balanced international cooperation, particularly transatlantic agreements on trade and law enforcement cooperation. There must be no back doors for escaping obligations towards individuals whose information is being processed.
Finally, data protection needs to be practical to enable those who must be compliant with the rules to understand them, and to the individuals whose interests the rules aim to protect. Neither businesses nor consumers benefit from burdensome obligations. As we approach a critical phase in the negotiations between the European parliament and the council on data protection reform, our role as an advisor to the institutions will be to drive forward progress and to help identify pragmatic solutions which will be relevant for the next 20 years.
This new deal for data protection will require closer cooperation with national level data protection authorities. It will require straightforward language to make technical and obscure issues accessible for non-experts.
Europe has a once-in-a-generation opportunity to be at the forefront in shaping a global standard for privacy and data protection, which is future-oriented and inspiring and which tackles head-on the legal and ethical consequences of new technologies, business models, international data flows and state surveillance techniques. The EDPS' vision is for Europe to lead by example as a beacon of respect for digital rights, in practice and in legislation.