Tweet Data

Making Sure the EU’s Next Step on Privacy Is the Right One

In one of the most significant steps on data privacy in recent years, the European Commission is set tomorrow to put forward a comprehensive plan to reform the EU’s data protection rules.  As a starting point in this long process, the Commission should be lauded for tackling one of the most critical issues of the digital age.  At the same time we urge the Commission to refrain from adopting the overly prescription approach embodied in this draft which we feel would thwart access by EU member’s citizens to the full array of the most exciting products and services the digital economy has to offer.

The Commission’s effort accomplishes many long-overdue improvements to the EU’s current data privacy regime.  It will replace the current overlapping – and often contradictory – system with a single set of rules that applies in all EU member states and covers all types of businesses.  These changes will enable a more-unified Single Market within the EU and reduce confusion for both enterprises and consumers.

But other elements of the EU proposal threaten to undermine those very constructive goals.  Certain elements of the data protection framework, including the “right to be forgotten,” are troubling because implementation will be complex both as a matter of how the technology works and also in terms of aligning with existing laws.  Still others – including the draft regulation’s provisions on breach notification, administrative sanctions, and even the definition of personal data – will require significant clarification in order to understand their potential implications.  Many of these problems stem from the underlying premise that addressing privacy concerns requires sharp prescriptive rules.  In dynamic digital environments, such snapshot-in-time prescriptive rules could chill innovation and digital progress.

We believe in addressing privacy with a flexibility that is commensurate with the rapidly changing digital environment. By focusing too sharply on the narrow issues of today, the EU runs the very real danger of adopting a privacy regime that will be outdated tomorrow and forsake the “future-proof” framework that the European Commission intends to create.  That approach is good for no one.  Neither for the businesses that will be constrained in their ability to grow and benefit the economy, nor for EU consumers who will be deprived of the full range of products and services that would otherwise be available.

Privacy is a vital component of the technologies that have become so integral to our daily lives, and the European Union is right to stress companies’ responsibility to clearly describe and take responsibility for how users’ data is being collected and used.  BSA member companies each already fully embrace the duties that emanate from data stewardship.  They have each implemented comprehensive privacy policies, which they update regularly as to reflect users’ and customers’ needs and the companies’ ever-evolving software, computer and cloud services.  BSA members believe this approach is essential to ensure that individuals can make informed decisions about the firms with which they share their most intimate information.  This mutual trust between companies and their customers is one of the most relevant and crucial aspects of the Digital Age.

But our privacy expectations and the ways in which companies will use data to improve our lives is not a static environment.  Consider, for example, the growth in social media in the past few years.  A method of communicating that was – when the EU last considered its privacy rules – largely limited to conversations over coffee has exploded into an internet-enabled phenomenon that allows users to communicate with people around the world in a matter of a few simple keystrokes. 

Good privacy law will allow that growth to continue, and it will be built around a reasonable standard of privacy that focuses on the context in which information is shared.  To do otherwise would threaten to lock us into the static world of today – and to bar the progress of tomorrow.

The world is at a critical turning point in the continued evolution of technology, and the European Union has the opportunity to capitalize on this new era.  It should do so by embracing privacy considerations that are dynamic and flexible and will ensure users have access to the full range of new and exciting digital technologies.

Robert Holleyman


As President and CEO of BSA | The Software Alliance from 1990 until April 2013, Robert Holleyman long served as the chief advocate for the global software industry. Before leaving BSA to start his own venture, Cloud4Growth, Holleyman led the most successful anti-piracy program in the history of any industry, driving down software piracy rates in markets around the world.

Named one of the 50 most influential people in the intellectual property world, he was instrumental in putting into place the global policy framework that today protects software under copyright law. A widely respected champion for open markets, Holleyman also was appointed by President Barack Obama to serve on the President’s Advisory Committee for Trade Policy and Negotiations, the principal advisory committee for the US government on trade matters.

Holleyman was a leader in industry efforts to establish the legal framework necessary for cloud-computing technologies to flourish. He was an early proponent for policies that promote deployment of security technologies to build public trust and confidence in cyberspace. And he created a highly regarded series of forums for industry executives and policymakers to exchange points of view and forge agreements on the best ways to spur technology advances and promote economic growth.

Before heading BSA, Holleyman was a counselor and legislative adviser in the United States Senate, an attorney in private practice, and a judicial clerk in US District Court. He holds a bachelor’s degree from Trinity University in San Antonio, Texas, a J.D. from Louisiana State University, and has completed the Stanford Executive Program at the Stanford Graduate School of Business.

1 thought on “Making Sure the EU’s Next Step on Privacy Is the Right One”

Leave a Reply

Your email address will not be published. Required fields are marked *

2 + six =