For European Commissioner Věra Jourová the biggest achievement of the GDPR is that it equips Europe well to deal with the current and future problems, because it gives control to people over their data. In this interview leading up to European Data Protection Days, Jourová adds, that GDPR and ePrivacy are the perfect opportunity to inspire a global standard in terms of privacy.
European Commissioner Věra Jourová will hold the keynote on the first day of
this year’s European Data Protection Days (#edpd18) in Berlin (May 14-16).
Join data privacy experts from all over the world and
discuss the effect of GDPR and ePrivacy on how data will flow from May 25th.
Register now for #EDPD18
Interview with Věra Jourová,
European Commissioner for Justice, Consumers and Gender Equality
Mrs Jourová, 25th May 2018 marks the GDPR enforcement date – which are in your opinion the greatest achievements of the General Data Protection Regulation?
Věra Jourová: The recent scandals such as the Facebook / Cambridge Analytica are clear reminders of the risks related to our personal data. In 2016, European citizens were affected by 2 billion data breaches. The digital world lost its innocence in the minds of many of the Europeans.
I think the biggest achievement of the GDPR is that it equips Europe well to deal with the current and future problems, because it gives control to people over their data. Companies will no longer be able to use lengthy and complicated privacy policies to hide what they do with our data and get our consent.
People will also gain rights to access their personal data and move them from one services provider to another. And we have clarified the so called right to be forgotten, when the information about a person is no longer true.
So, I think it equips people well to deal with challenges of the 21st century.
But the GDPR is also good news for businesses. It will create one set of rules for the protection of personal data and facilitate the free flow of this data within the EU. Following its entry into application across all EU countries on 25 May businesses will benefit greatly from a single set of rules that will offer new opportunities in the Single Digital Market.
Regarding international data flows: Which are the most important chances and challenges from a European perspective?
Věra Jourová: Data is everywhere and the cross-border data flows have become a central feature of the digital economy. From people’s point of view, the challenge is to help guarantee that whenever personal data travels abroad, protection comes with it.
I strongly believe in our commitment to making sure that security, trade and protection of personal data go hand in hand with modernisation and innovation, both at European and global level.
Thanks to the GDPR, even if operating outside of the EU, if a company collects personal data in Europe it will have to respect European standards, which include clearer information when collecting personal data, which will prevent companies from hiding behind complicated legal language. I believe this is key in a globally connected world.
But we have also the opportunity to inspire a global standard in terms of privacy. From New Delhi to Buenos Aires, from Tokyo to Pretoria and now also from Capitol Hill to Silicon Valley, democratic countries are looking at GDPR for inspiration.
In 2016, we launched the EU-U.S. Privacy Shield to facilitate data exchanges with the U.S and are now in discussions with Japan and South Korea to finalise formal steps to allow the free flow of personal data between the EU and those countries. These exchanges fully respect our data protection.
So, we have a great opportunity to inspire the regulators all over the world with our vision of personal data protection.
GDPR versus proposed ePrivacy Regulation: Where is the right balance in your opinion?
Věra Jourová: In January 2017 the Commission proposed an update to the ePrivacy Directive to ensure stronger privacy in electronic communications, in particular by extending its scope to electronic communications, which were not covered by existing ePrivacy rules. This proposed update not only sought to address concerns of EU citizens over the protection of their personal data, but also to open up new opportunities for business by supporting innovation. It also aligned rules for electronic communication services to the new world-class standards of the EU’s General Data Protection Regulation, which will come into force on 25 May.
The introduction of updated ePrivacy rules will make it simpler for Member States to implement a uniform set of rules. GDPR, ensuring that individuals have better control over their personal information, will apply to the processing of personal data and where there are more specific rules set forth in the ePrivacy legislation business-to-business electronic communication or electronic communication between individuals will be regulated by the updated ePrivacy legislation.
The strengthened ePrivacy rules not only complement the GDPR, but also give citizens and companies additional specific rights and protections, such as the confidentiality and integrity of an electronic device (i.e. laptop, smartphone or tablet) and more control of their online settings, such as accepting or refusing the tracking of cookies and other identifiers in case of privacy risks.
I believe changes to ePrivacy and the implementation of the GDPR go hand in hand and will mean businesses and citizens will benefit from a fully-fledged and consistent legal framework for privacy and data protection across the EU, which will adequately reflect technological developments in the global digital world.