The EU is introducing the gold standard in data protection rules this May, and countries outside the bloc are looking to Europe for inspiration, writes Věra Jourová.
Věra Jourová is the European Commissioner for Justice, Consumers and Gender Equality.
Recently, I rewatched one of my favourite films, the original 1960s version of The Italian Job. Watching it in 2018 made me realise two things: one, how much masked, gun-toting thugs have been replaced by geeks with laptops. And two, that for today’s criminals, banks are no longer necessarily the most tempting target available.
Data is the new gold of the 21st century. It is the most valuable resource in today’s economy, as well as being essential to our daily lives. We share personal data hundreds of times a day, on everything from banking details and shopping habits to holiday pictures and medical records.
There can be serious repercussions if criminals get hold of this data: intimate details of your personal life or your medical history could be disclosed and identity theft is becoming easier. Recent massive data breaches such as those caused by the WannaCry, Meltdown and Spectre attacks, or the Uber case, remind us of this new reality.
As of 25 May, roughly 100 days from now, strong new data protection rules will apply all over Europe. It is just about time. The current EU data protection rules date back to 1995, some 23 years ago, when nobody had heard of Facebook or Instagram. The modernised rules are fit for the digital age and will help people to regain control over their personal data.
People will have the right to be informed in case their data has been hacked. It will be easier to transfer personal data between service providers. Companies will no longer be able to hide behind legal jargon but will have to give us clear and understandable information on how personal data is being processed. And we will even have, under certain conditions, the right to remove links leading to personal information about ourselves, the “right to be forgotten”. Finally, the new rules will have teeth. With possible sanctions of up to 4% of annual turnover, we can expect even global players in the IT world to play by the rules.
These modernised rules have not only been crafted to better protect European citizens’ personal data but also to offer more opportunities in a real digital single market of data flows and greater flexibility for businesses to innovate. With one set of identical rules in the EU – instead of a fragmented market with 28 different regimes – businesses should save a significant amount of money and benefit from greater legal certainty. And there is a lot of flexibility built into the new rules for small and medium enterprises.
We are introducing the gold standard of data protection in the world. I am proud that our data protection rules increasingly serve as a reference point and a source of inspiration for other countries and regional organisations, when creating or adapting their own data protection legislation. We are currently in negotiations with Japan and South Korea on data protection and there is a good chance that we will come to agreements with them in the near future, allowing free flow of data between our economies.
In today’s – and tomorrow’s – world, the way we handle data will determine to a large extent our economic future and personal safety. We do good to get ready, take the risks seriously and make use of all the opportunities out there. The new European data protection rules will be a strong basis for this endeavour.