Vivane Reding via Olivier Ezratty/Wikimedia Commons
Revelations about the extent of the NSA’s surveillance capabilities and interests pissed off not only American citizens but also the citizens and leaders of America’s allies abroad. It’s understandable enough, since most of the protections from the NSA’s prying eyes are only afforded American citizens, and even then, imperfectly.
In response to the widespread discomfort of its citizenry, and also in the interest of defending data as “the new currency", the European Union is committing to passing a continent-wide data protection regulation.
“The revelations over the past months have acted as a wake-up call. People have been reminded of why data protection is important; of why a strong framework for the protection of personal data is a necessity, not a luxury,” said Viviane Reding, vice-president of the European Commission and EU Commissioner for Justice, in a speech this week.
The actual data reform law has been published since January 2012, but fears that legislation couldn’t keep pace with technology have, in a self-fulfilling prophesy, delayed the vote on it to October of this year. The "Regulation" as it is known extends the scope of EU privacy laws to include any companies offering services to EU citizens, even if the data controllers aren’t in an EU territory. Privacy agreements will have to be written more clearly, and companies will be required to uphold standards of security and protection and notify consumers in the event of data breaches.
Reding’s speech outlined data protection regulation, a single law with 91 articles that covers all 28 member countries, as means of empowering “the very people whose data fuels the digital economy,” whose trust in both government and private enterprises had been badly shaken.
After stating, “data protection is a fundamental right,” Reding also framed re-establishing that trust as an economic necessity, one crucial to continue growth. She cited the Boston Consulting Group, which valued the data of EU citizens' data at $426 billion in 2011, and noting that “it has the potential to grow to nearly $1.4 trillion annually in 2020.”
The US was mentioned a few times in the speech. Not only as the unwitting catalyst for reform, but also as an example of disorganization and uneven regulation, and a country that, while remaining a major trading partner, is going to have to be dragged into the 21st Century.
“There is also no single U.S. Federal law on data protection. Instead, a maze of State laws offers varying degrees of security and certainty,” Reding said. “In Florida, not a single law lays down a definition of "personal information". In Arizona there are five. The same goes for rules on security breaches. Some States have them, others don't.”
While Congress has dabbled in some sort of “privacy bill of rights,” it seems like reform is still a long way off. The EU acknowledged that “legislative progress on the U.S. side is important for Europe,” and Reding’s speech made it sound like the EU would try to lead the way for their American counterparts. “Once a single, coherent set of rules is in place in Europe, we will expect the same from the U.S.” said Reding.
Having a European example for, say, single-payer health care sure didn’t help that become the law, but good for them for trying, I guess. If EU citizens are safely covered by law and American companies change their practices to meet the new requirements in order to reach the European market, then potentially American legislators could see that the fabled innovative tech sector can be legislated without being stifled, we could see privacy reform on this side of the Atlantic yet.