With their summer recess now well and truly over, European policymakers are turning their attention toward modernizing the data protection framework for the Single Market.
This week in Brussels, the European Parliament’s Civil Liberties, Justice, and Home Affairs (LIBE) Committee is holding an inter-parliamentary hearing to solicit input from the Member States on the draft Data Protection Regulation released in January. Also this week, BSA is speaking at the Annual Privacy Forum 2012 in Limassol, Cyprus, where the Cypriot Presidency of the EU is hosting a series of discussions with stakeholders including the European Commission, ENISA and others.
These discussions are being closely watched as Europe’s rules set the tone for similar privacy debates happening far beyond EU borders. At issue is how to protect data in an evolving technological environment.
BSA member companies know that technology is a demand-driven business. Users know what they want and they use their choices to drive information service providers and software developers to adapt. This goes to the heart of our view on data protection: user trust is a company’s greatest competitive advantage. User privacy is not simply a matter of compliance; it’s also a market differentiator.
These same considerations apply to the rules for privacy: how information is produced, saved, stored, shared, and compiled, needs to fit with what customers want. Companies must provide trusted data management and the tools and Internet experience users have come to expect in order to get and keep their business.
What is needed is not a rigid framework that acts as a “tick list” for privacy compliance in Europe; but rather, clear rules that ensure respect for the basic rights of individuals and enterprises while leaving “breathing room” for technological progress. If the rules are too prescriptive, they will undermine Europe’s privacy goals. New products and technologies that lie outside the specific parameters of the regulation will undercut European privacy goals by retarding technological progress and leave less choice for European consumers.
Companies will continue adapting to user demand, and products and services will evolve. The way in which privacy protections are delivered will need to evolve as well.
It’s also important to recognize that data protection is not a one-way street. The most secure and transparent system is only as good as the person who is using it. Users must be educated about their online activities, the data they expose, and to whom. No amount of technological protection can compensate for careless or reckless online behavior. Users must take responsibility for being smart about the information they share and where they share it. They must also take responsibility for using the basic tools that companies provide to give consumers control, such as anti-virus software. This is the critical concept of shared responsibility.
We fully support modernization of the privacy rules in Europe and will continue to be active participants in helping Europe to meet its privacy goals. I hope we arrive at a framework that is forward-thinking and future-proof, and which sets realistic expectations for all parties where shared responsibility is at the core.