Is data protection regulation one more step towards a digital single market?
MEP and former European commissioner Viviane Reding talks data protection and why economics trumps feminism.
When it comes to EU policymaking, Viviane Reding is a genuine veteran. Before joining Romano Prodi's team of Commissioners in 1999 for culture and education, she had spent a decade as a member of the European Parliament.
Five years later, when José Manuel Barroso became President of the European Commission, Reding remained, this time as information society and media Commissioner. In 2010, when Barroso embarked on his second term, she was promoted to Commission Vice-President, in charge of justice, fundamental rights and citizenship.
In 2014, she left the college to return to being an MEP. European Commission sources tell the Parliament Magazine she was one of the most popular Commissioners; pre-signed photographs of Reding were regularly printed out and sent out to those who requested them. The only other member of the college with a similar approach was President Barroso.
Reding has spearheaded many important legislative endeavours during her career, a number of which continue to keep the current team of Commissioners busy. These include the capping of roaming charges within the EU, the introduction of the '.eu' domain name and the telecoms package.
Last month, following years of discussions, one of Reding's landmark proposals was finally adopted by Parliament: the general data protection regulation (GDPR). Tabled by the Luxembourgish deputy in 2012, the GDPR sets out to establish a single set of data protection rules across the 28 member states, to the benefit of both citizens and businesses.
The previous rules, Reding points out, had been in place since 1995, before the internet became such an integral part of our daily lives. In addition, the rules were a directive, not a regulation, allowing each member state to tailor the guidelines to their national needs.
As a result, she says, "Small companies had huge difficulties realising the benefits of an internal market, because the different laws often threw up contradictions."
At that time, she already had plans in mind for a digital single market, now one of Team Juncker's flagship initiatives. "For this, you need to do away with barriers and open the market."
Like any legislative proposal, the GDPR was met with some opposition. According to Reding, this mostly came from large tech companies outside Europe, "who thought it was much better not to have any rules that could be applied. They saw the environment in Europe as a free-for-all."
This system overly penalised European companies; while non-EU firms did not have to observe or abide by any rules, French companies had to follow French laws, German companies had to apply German laws and so on, making it difficult for them to compete.
This resulted in a fierce battle with US tech lobbies, "one of the fiercest Europe had ever seen. It was really the first time that American lobbyists came to Europe. They tried to stop the Commission from putting legislation on the table and there was fierce debate in the college. Later, they tried to heavily intervene in Parliament, placing MEPs under enormous pressure."
Reding is in a virtually unique position, having worked closely with European deputies as a member of the Commission on the data protection package, then joining their ranks before it was adopted.
What was that experience like? The former Commissioner insists it was a smooth transition, because, "Parliament understands its responsibility towards citizens, something that national governments sometimes do not."
By the time she re-joined Parliament, the trilogues were about to start - or were they? She recalls that, "Governments were much more open to being lobbied than MEPs, and industry was trying to block the legislation. Therefore, behind the scenes I had to work to maintain a sense of urgency."
"Fortunately, the rapporteur appointed in 2012 - Jan Albrecht - was re-elected to the Parliament in 2014 and continued as rapporteur. This was a real asset, since he knew the text and all the lobbyists; he had seen all of them at least 100 times already. If we had needed a new rapporteur, I am not sure the regulation would have yet been finalised."
These new rules will undoubtedly better protect our privacy online; companies that breach them face steep fines, up to four per cent of their global turnover. However, do we really know and understand what information we share online and how it is used and re-used?
"The general population feels very insecure about what is done with their private data," says Reding. "More than 70 per cent of people do not trust the way their data is used. But do they behave accordingly? Not so much."
Member states have two years to implement the new regulation. Reding underlines that data protection authorities are acutely aware that they will need to use this time to undertake information campaigns.
There will be one data protection authority in each member state, rather than a central European one, allowing people to file complaints in their own country and in their own language. The data protection authorities will also be in charge of informing companies of the new rules, "so that they know what is at stake."
You could say that, in a way, the general data protection regulation is Reding's baby. So, after four years of hard work and dedication, what is her next personal project? One thing at a time, she says: "The legislation may have been passed, but now it needs to be implemented. It will be very important to follow up on this over the coming two years. In addition, this legislation provides the basis for something I have wanted to see for years: the digital single market."
Thanks to these new rules, she explains, companies large and small will enjoy a level playing field. "This legislation eliminates barriers. Now, a start-up in Brussels can reach the entire European market, under a single law. Once this is implemented, it could give a real push to the digital single market."
However, rules are not enough, warns Reding. Europe also needs stringent reforms, including when it comes to its infrastructure and telecoms. It should also look to export its 'gold-standard' rules worldwide, she says.
Indeed, Europe may have just adopted ground-breaking data protection standards, but are these really compatible with the new 'privacy shield'? This EU-US data sharing agreement was introduced earlier this year by the European Commission, with the intention of replacing 'safe harbour', which the European Court of Justice (ECJ) deemed invalid. Reding scoffs at the notion that the privacy shield is superior to its predecessor.
"I think the same as I thought when I was Commissioner. I did not sign the new safe harbour adequacy rule in 2014 because the whole question of national security was not proportionate. It is a horizontal exception that trumps everything else."
She concedes that it has brought about some improvements, such as better behaviour on the part of companies and allowing regulators more control over that behaviour.
Ultimately, however, the ECJ's main issue with safe harbour - the pre-eminence of national security concerns over everything else - still applies to the privacy shield. "You can call it by another name and give it fresh colours, but the problem has not been solved."
Clearly, by serving as Commissioner for over a decade, Reding worked on more than just data protection.
Another legislative initiative she will be remembered for was the introduction of gender quotas for women on company boards. She underlines that 60 per cent of university graduates are female, but only a fraction of them end up in high-ranking positions. "It makes no sense to lose out on female talent."
Parliament, she notes, was quickly on board with the idea of gender quotas, adopting it with an overwhelming majority. "Yet as always, who is blocking the legislation? The Council." The package has been on standby since 2012.
Nevertheless, there has been lively public debate on the topic, with some member states having chosen to implement their own national laws. This has meant that even without EU-wide rules, quotas have been introduced in certain countries.
In France, Reding is proud of the fact that since her proposal, women now make up 36 per cent of company boards - a 24 per cent increase. Italy, too, witnessed a 24 per cent increase, with women now making up 29 per cent of board members. Although these numbers are certainly not ideal, they are better than nothing.
Importantly, highlights Reding, she never used the dreaded 'F' word - feminism - to demonstrate the validity of her proposal. "That would have been unfair to women. I always argued this from an economic point of view. The main thing is that we are losing out on talent that society has educated. In addition, companies with women on their board have much better financial results than those with all male boards."
Unfortunately, "governments can be awful sometimes. It also has to do with a mentality change. Nevertheless, Parliament has always been, and will continue to be a helping hand."