The GDPR is not a European legislation like others. Proof of this is that you have probably heard about it, especially by the wave of “changes in terms and conditions of use to comply with the GDPR” that invaded your mailbox during the past weeks. And for good reason: the rights it creates for the citizens and the obligations it demands to the business companies and associations oblige everyone to bring themselves up to date.
We are then talking about Europe without the Commission spending millions in a communication campaign, with no heads of state’s meetings in Brussels, and with no online petition to defend unpasteurised camembert against the attacks of unelected Eurocrats. This is already a revolution in itself. However, this is only a tiny part of the ambitious European policy for the protection of our private life.
Private life: a fundamental right
In Brussels, as in any capital where legislation is discussed, the words have been agreed: “we have to protect consumers without restricting the companies’ capacity to innovate”. Most of the legislation regulating the economic sector is generally a compromise between these two injunctions: consumer protection and innovation, the synonym of business growth and therefore, economic growth.
The debate on personal data protection frees itself from this binary axiom for a simple reason: the protection of private life and the protection of personal data are established by the Charter of Fundamental Rights of the European Union. They are respectively established in articles 7 and 8 between right to liberty and security and the right to marry and to found a family.
Other considerations – such as economic ones – than the ones on fundamental rights are thus coming after. The GDPR is actually a practical tool putting into practice the principles established by our Treaties. This is a strong message sent to all Europeans: your fundamental rights will be respected, and the European Union is their guarantor.
Restoring confidence in new technologies?
Does the secondary nature of the economic aspect when one talks about fundamental rights mean that the GDPR harms European economy? Despite the exaggerated protests from the opponents of the regulation during the debate, the new technologies sector in Europe could actually benefit from it.
In the absence of regulation, new technologies could not gain the users’ confidence, dulled by repeated scandals (Prism, Cambridge Analytica), cyberattacks and data leaks (Yahoo, WannaCry). According to a Harris Interactive barometer (a French polling organization) whose last edition was published in December 2017, confidence in online services has remained constantly weak since 2009. The main fears quoted by the respondents concerning their personal data were their use for commercial purposes and the risks of hacking.
As the business companies didn’t manage to provide sufficient guarantees, the legislator naturally took up the issue to restore confidence, essential factor to ensure the development of new technologies. The GDPR should not be considered as a constraint for the companies. It is essential for the consumers to adopt their future services. The regulation’s requirements are a chance, they give a bonus to those who comply with it. Even more than the foreseen fines and sanctions, the regulation will lead to differentiating good and bad pupils, potentially with an unprecedented impact on the consumers and companies’ decision when choosing the services to which they subscribe. Respecting private life would not only be a constraint, but on the contrary, a commercial argument.
The European Union, global leader of digital regulation
The most remarkable element of the new European rules might be their range. The regulation applies to data processing operated by any organisation (business company, association, etc.) carrying out an activity in the EU and to personal data processing that concerns individuals located in the EU territory. Any company wishing to provide digital services on the EU market will thus have to comply, wherever it is located, instead of taking the risk of not getting access to a market accounting for 500 million consumers.
However, the GDPR’s impact will actually be broader. For many companies, it is more coherent to apply GDPR’s rules to all their activities, worldwide. This can be motivated by the fact that establishing two different systems according to the data’s origin can turn out to be more expensive, or in order to ensure more legal certainty. Nevertheless, reading Microsoft’s communiqué, which decided to apply the European rules of data protection to all their users, we are soon aware that this is a communication argument. How would Microsoft justify to their customers outside of Europe that they would be second-class users?
The European Union is currently defining global standards of online regulations. After taxing global web giants from the angle of competition, the EU now obliges them to respect the citizens, and not only in Europe. The feat is that it does not depend anymore on the will of a particularly determined commissioner such as Margrethe Vestager. The EU provides its citizens with the means to defend themselves in court. They can directly use the regulation and assert their rights, and can do it in groups, via joint actions if necessary.
A way forward for the future of the European project
Of course, the protection of private life is an unfinished process. The European regulation ePrivacy, currently under discussion at the Parliament and the Council, will soon reinforce the protection of electronic communications. The development of new technologies such as blockchains or artificial intelligence will certainly require to adjust the regulation, but these are also opportunities to improve it.
The European project was created to ensure peace, and was deepened to contribute to economic prosperity. For this project to keep going, it has to protect the citizens. The protection of our private life is thus an essential step for the much-needed reconstruction of the European Union.
Follow the comments:
|
