Europe has no unified digital market because it has effectively 27 conflicting sets of data protection rules, impeding retailers who want to reach Europe’s 500m citizens, the European Union’s Justice Commissioner Viviane Reding told Siliconrepublic.com. Reding is proposing a single set of data rules for the EU.
Reding is also proposing a ‘one-stop-shop’ for data protection that will make Europe a more attractive place to do business.
At present, European businesses have to deal with 27 regulators with different reporting requirements.
Overall, the reform is expected to save businesses in Europe €2.3bn a year.
Reding was in Dublin yesterday ahead of Ireland’s six-month stewardship of the European Union next year.
Her presence in the city came just days after Ireland’s data protection commissioner concluded an audit of Facebook’s privacy measures on the foot of a series of complaints lodged last year by students in Austria. The audit resulted in Facebook making a number of changes to its social network, including turning off tag suggest/facial recognition features.
Reding said that creating a single set of rules and a one-stop shop for businesses will not only mean more legal certainty and reduced cost, but it may finally help create a single European digital economy.
“We have no digital market, because simply we have 27 different sets of rules and companies that want to serve the whole of EU – 500m potential consumers – have to adapt to 27 different conflicting rules,” Reding said.
“That is the reason we have not really managed to set up a real digital internal market which would be an extraordinary force for Europe to do so. And that is the reason why we need to eliminate this fragmentation – one continent, one set of rules and one data protection authority who is responsible for applying these rules.”
I asked Reding how satisfied she was with the progress of the audit of Facebook by Ireland’s Data Protection Commission.
“It was an interesting experience. A group of students in Austria were feeling very upset with Facebook and trying to get their right, whatever they think is their right, that’s another story. They were savvy, English-speaking people who knew the law.
“But imagine an ordinary citizen in Austria who has done nothing but complain in the right way which means that the national regulator with Austria together with the regulator in Ireland where Facebook is located will be collaborating together.
“Tomorrow this will be an actual way to do it – but it will be much easier because it will be according to one law. It doesn’t matter if they are in Ireland, France or Spain – the same law will apply and the regulator will apply common European law, swiftly, right and fair.”
Can data protection rules keep pace with innovation?
I point out to Reding that the speed of innovation in technology will constantly present new challenges to data protection and privacy. She points out that flexibility is critical.
“Absolutely, and we see these bright inventors are everywhere and fortunately they invent gorgeous services. We have to see that these gorgeous services stay gorgeous and don’t get out of hand. That’s why there is one rule for one continent. And reinforcement of the data protection authorities so that if a company doesn’t behave they will face high sanctions so the company will think twice before misbehaving.
“Before a sanction can be put on a company, of course the company has to come to terms with the national regulation office. We try to make the rules as flexible as possible because we do not need to change the rules every six months because there is another genius who has invented a new service. So the rules have to be flexible enough to be adapted to whatever new service will be invented in the future.”
I point out to Reding that it seems there will always be friction and innovators and inventors may contend that the rules aren’t keeping pace.
“We believe that the online world has a great future and is a great business model and is also something the citizens like. But if the citizens feel more and more threatened and feel there is a misuse of their personal data they will not trust it anymore and will keep the data for themselves.
“These companies need the data; it is their bloodstream to develop their companies and that is the reason why we are introducing simple, understandable rules to make citizens feel they can be secure and they can trust those companies.
“It is absolutely essential to have this win-win situation to have rules that are flexible enough for companies to develop products and citizens who trust the company enough to give their data to the company,” Reding said.