While policy makers and government show big interest and claim noble intentions – there is still a big gap between ambition and reality.
Many alarm bells are ringing across Europe for tech startups. From Berlin to Paris, and from Warsaw to Milan, thousands of innovative and ambitious startups are hustling every day. But are regulatory risks and threats overtaking their strength to grow? While policy makers and government show big interest and claim noble intentions – there is still a big gap between ambition and reality.
While our founders should be nurtured as the winning ingredient of Europe’s economy – startups create jobs three times faster than the rest of the economy – the reality of day to day life is that Europe’s innovators risk regulatory overkill. There is an unfortunate pattern in which the voice of Europe’s startup community is taken on board for more soft PR and window-dressing than allowed to the policy table at full extend. By nature, governments have a hard time understanding and catering for, companies of tomorrow.
Unfortunately too often, the Commission and Parliament are taking a destructive interest in tech rather than promoting the kind of companies they’d like to see. May this be privacy, data or competition related cases – the European Union policy makers should hold themselves to the same standards of positive and constructive rule making rather than playing the heavy handed enforcer. This is not a one off.
Aspects of the General Data Protection Regulation were the latest example of regulation which was conceived and designed with a prohibitive degree of complexity as well as a fair share of ignorance for technology. Examples like these with the hungry cry for more European unicorns don’t go well together. Digital Copyright is another chapter, where startups are caught up in the schizophrenia of policy makers. Sometimes they’re all about ‘stealing content and have to pay’ or they are ‘not concerned at all’. Across the board they are hoped to develop the artificial intelligence and machine learning Europe needs to compete with the US and China. Whether they can raise the funds or access the data they need is less of the EU’s concern.
The positive contribution of Europe’s tech startups needs to be far better understood and their perspective and insights listened to in a meaningful way by policy makers in Europe.
Europe’s mobile economy has been thriving and with it, Europe’s startup community. For instance, there has been a rapid growth of apps over the last decade, from less than 5,000 to over 2 million today. Compared to the US, Europe actually hosts more app developers. How does that sound?
Thousands of startups and businesses across Europe nurture their geniosity with the open source and architecture of the digital applications. Innovation is not limited to the software applications, new hardware manufacturers in Europe, like BQ, which has over 1000 employees near Madrid, or Fairphone, building a fully sustainable smartphone in the Netherlands, both using Android’s open source operating system. Open platforms, like Android but also Tizen, LineageOS or PostmarketOS enable new jobs and opportunities for developers in Europe too — in fact, there are estimates of roughly 2 million jobs created in Europe, with another 2 million-and-some closely associated to mobile development.
The mobile economy has not only fostered innovation, it has ensured strong competition amongst apps and app-stores. This isn’t just something that benefits companies and businesses. It ultimately enables consumers choose between a myriad of freely available solutions. Judging, reviewing and endorsing the best has given the consumer more power and voice than ever before.
Preserving an open mobile ecosystem to the benefit of consumers
After GDPR and copyright, this topic concerns the European Commission’s decision on the Android operating system which will, in one way or the other, impact the ability of startups and developers to thrive. Unfortunately so far, any government intervention has brought more complexity, legal or administrational effort, and ultimately trouble for tech communities. This makes it hard to see good things in the Commission’s actions.
Taking often far-reaching decisions about where such ecosystems for startups and developers are bound to go, policy makers need to be sure to have the full picture. Are actions about to be taken having a net positive or a net negative effect on the ability of our entrepreneurs to succeed? What are the right instruments to tackle occurring issues? Europe’s app economy has generated 2.05 million jobs, as of April 2018, at an annual growth rate of approximately 6.6% (link). We shouldn’t such developments for granted and should focus on strengthening those who build our future.
It’s hard to underestimate the ability of European entrepreneurs to innovate and to disrupt for a better future. But at the same time we cannot blame them for taking the best way towards success. Their role is to innovate while the role of public policy is to provide the best conditions to do so. Ultimately, if not founders themselves, its investors who will apply a strict due diligence.
Despite the arguments put forward by European policy-makers, short-sighted regulatory interventions interfering in the digital economy risk unbalancing ecosystems which depends upon an open and flexible approach to ensure continued innovation. The oxygen needed for startups has and always will be open access, allowing them to be part of a global community able to compete and build our future.
In the same way that users enjoy the benefits of innovation, regulatory constraints will also have a knock on effect on consumers. Take the European Commission’s proposal on the platform to business relationships or any of their competition work. Often decisions are motivated from a particular set of interest or constituency, and is not always fully weighted against all interest and benefits such as for consumers.
Take Be My Eyes, an app developed in Denmark that connects blind people with volunteer helpers from around the world via live video chat with 100,000+ downloads on smartphones. In the field of fitness and wellness, from sleep pattern optimization in Sweden to healthy home cooking in Germany, European apps improve the way people around the world approach their well being. Such stories are nearly endless and show a 21st century face of our diversity. These apps could emerge thanks to platforms like Google Play and Apple’s app store, which allow startups to scale quickly and reach billions of users over night.
Startups in Europe have to run the extra mile
We fear that regulatory interventions which fail to take full account of startup communities could lead to increased product prices, less choice and entry barriers for startups. Just think of the apps we use to help us improve our travel experiences. Most of Europeans download more than two new apps a month and spend hours playing games, shopping or doing our finances.
Startups are at the heart of innovation in our economy. Most new applications see the light of day in startups and startups aren’t shy challenging the status quo. We have to learn to get comfortable with disruptive innovation as long as the product benefit aims at the user. We need policy makers to understand how the startups of today will be shaping the economy of tomorrow. To capture incredible success stories like those of our mobile economy and other verticals like deep tech and manufacturing. Doubling down on regulation and enforcement will cause the contrary of the success stories we want to see so many more of.
Picture credits: Steve Halama
The time to move e-health forward is now as policies on Data Protection and Artificial Intelligence unfold and the negotiations on the new Multiannual Financial Framework for 2021-2027 begin.
Technology is exciting, and we have only seen the tip of the iceberg when it comes to the opportunities it offers. Digital solutions are increasingly pivotal in Europe and their role in ensuring thriving, future-proof, and sustainable societies is expected to become even more crucial in the coming decades. This is particularly true for the health sector. We all know what Europe’s health systems are up against: financial pressure and the high costs of life-saving medicines, the growing lack of human resources, and the rising burden of chronic diseases against the backdrop of ageing societies. Digital tools can make a difference for health, but only when we decide to be bold about it.
2018 is an important year for digital health and there is strong momentum to move forward. However, if we are serious about reforming European health systems, we need to make sure that digital solutions can flourish. We need to secure funding in the right places, and put in place structures that allow us to use digital tools effectively, for instance to focus scarce resources and realise integrated care.
A few structures have already put in place, and we can build on these. One example is the EU General Data Protection Regulation (GDPR), which took effect in 2018. The GDPR offers a start in ensuring legal alignment with rapid technological innovation, while it provides greater certainty and transparency around the use of data. It also strengthens patient and consumer confidence.
Another step in the right direction is the recently launched strategy on Artificial Intelligence (AI) for Europe, in which the European Commission outlines its plans to become a leader in AI and to step up investments in AI. At the same time, the European Commission launched a communication on the transformation of health and care on the digital single market.
The communication underscores the need to reduce the existing fragmentation on the European market. One of its key objectives is to facilitate the cross-border exchange of health data for research and health policy, which is an important challenge to tackle. To illustrate, cross-border health exchange could accelerate the diagnosis of rare diseases, and it could help to find tailored treatment for almost 30 million European citizens suffering from a rare disease. The opportunity is there. We now need to be bold enough to effectively use what we have.
How can we achieve this? We need the commitment of European countries to work together and establish a fully-fledged pan-European infrastructure for digital health. Now, as the European institutions are negotiating a new Multiannual Financial Framework (MFF) for the 2021-2027 period, is the time to make this happen. We need an investment boost for the new generation of digital infrastructures, to ensure that our healthcare priorities are met with the right tools.
Austria, which will hold the Presidency of the European Council from 1 July to 31 December 2018, will play an important role in the MFF deliberations and intends to take full advantage of the momentum for change. The country is indeed well-placed to move things forward, having invested more than €100 million in a digital infrastructure through which citizens can access their individual health records.
Finally, the ways in which digital solutions can help to make Europe’s health systems more sustainable for the benefit of sustainable will be a strong focus of the discussions at this year’s European Health Forum Gastein (EHFG), which will be held from 3-5 October in Bad Hofgastein, Austria. The EHFG 2018 calls for bold decisions and practical solutions for health, which is exactly what we need with the 2030 deadline to meet the Sustainable Development Goals coming closer. It is time to put our money where our mouth is.
Picture credits: Mārtiņš Zemlickis
On November 27th, at the Egmont Palace, a rather extravagant but always elegant venue in the heart of Brussels, the Think Digital Summit took place. The Digital Post could not have missed the opportunity of attending
It is the second year the Think Digital Summit runs by the initiative of the European Business Summit. This year’s Summit touched upon issues such as data protection and privacy of consumers and citizens, growth of SME’s and Start Ups within the Digital Single Market, and last on critical digital infrastructure for developing a 5G network across Europe. The speakers were MEP’s, EU officials, policy makers, and representatives from the business sector. The Summit was smartly structured into three thematic panels in form of debates mainly polarizing between speakers from public institutions defending EU policies and corporate representatives advocating on business interests. The debate formation was not only vibrant managing to keep the participants interest alive for more than 6 hours but also gave us the opportunity to witness diverse interests and objectives collide or concede depending on the speakers’ background and the topic discussed.
In his opening keynote speech Giovanni Buttarelli, the European Data Protection Supervisor acknowledged the increasing demand for transparency and the need for all individual voices to be heard and transposed. Building on his statement, he pointed out an ‘‘unfair balance’’ between corporations handling a big amount of data, and on the other hand citizens merely giving away valuable personal data, oblivious of this transaction. Having framed this imbalance he labelled opacity as the biggest threat set to individuals and suggested this threat should be tackled by regulation.
Data Protection and Privacy of the European Digital Future
The topic which ignited a rather polemic but nevertheless constructive debate was the General Data Protection Regulation (GDPR) or officially Regulation 2016/679 (Click here) and which monopolized the discussion of the first panel. According to EU officials the GDPR objective is to achieve an equilibrium between the full respect of fundamental human rights and business development, being at the same time an innovation friendly regulation. GDPR comes into force at the end of May 2018, so we will have to wait and see whether it will reach its full potential and purpose. Furthermore, this regulation comes to repeal an older E-Privacy Directive (Directive 95/46/EC), with the intention to achieve full integration and harmonization of implementation across the E.U. Highlighting the value of the innovation friendly design for the business sector, Despina Spanou, Director of DG CNECT, also strongly advocated for the need to empower consumers to have full control of their communication and to be asked to consent or not to sharing their data. ‘‘Consent has to be affirmative, not implicit’’, she asserted.
Responding to Mrs. Spanou, Mr. Louette, Deputy Chief Executive Officer, Orange, joked ‘‘Beware of Greeks bearing gifts’’ which although was a great ice breaker, it also made a clear-cut statement regarding his position towards the GDPR . He expressed his fears on restrictions on data use in businesses, stressing the need to balance regulation so that it does not hinder business activity. The issue of labelling almost everything as ‘‘personal data’’ was also brought up, pointing out the need to define the term more effectively. Furthermore, Mr. Louette argued that using personal data, such as people’s locations, can enable companies analyse the data and produce smarted public services where needed. Last, he revealed that Orange wants to create a data dashboard for its customers from where they could monitor the cyberspaces they had left traces of their personal data.
Boosting Growth for SME’s and Start-Ups in the Digital Single Market
Digital is not a new industry, it is the way all SME’s and Start-ups should operate, says Katarzyna Jakimowicz, Associate Director of the Lisbon Council. The biggest issues SME’s have to tackle are to sell their products internationally, and to expand their limited knowledge of digital advertising tools. In some countries like Bulgaria, online purchases account for below 30 per cent of overall purchases, which discourages companies in these countries to advertise online at all. The major issues raised in this panel were once again regulation harmonization, this time on e-commerce and work mobility, and the business responsibility to create windows of opportunity for smaller businesses to grow. Nevertheless, the most interesting points were raised by Mrs. Jakimowicz on the existing, as she calls it, ‘‘talent and soft skills gap’’ referring to SME’s difficulty to access talent and digital skills domestically making the need for EU regulation on remote work more relevant and urgent than ever. The lack of communication between SME’s and institutions when it comes to funding and support mechanisms was discussed, bringing up that the European Innovation Council (Click here) will give €2,7 billion on SME’s, and in terms of promoting and supporting growth, the EU has initiatives such as The Startup Europe Project (Click here) helping SME’s develop.
Digital Infrastructure towards Maximum Connectivity
‘‘Bad connection is like no connection at all, thus we should aim towards high speed maximum connectivity’’ says Miapetra Kumpula-Natri, MEP for S&D.
The third and last panel focused on the advent of 5G network and the issues that need to be dealt with along the way. Issues that will arise on setting up a 5G network are building the necessary infrastructure to support the regular function of the network and the urgent need to regulate in order to create a safe environment for investors and in order to protect competition and innovation. Furthermore, it was repeatedly argued that this transition will not just be a transition from 4G, as it happened from 3G to 4G, it is a new technology that would change our lives and apply in a diversity of human activities such as transport and health industries, but unfortunately further elaboration and more tangible examples as to in what ways this network would revolutionize our everyday lives were not given.
Take Away Messages
An equilibrium between citizen’s protection and business development and innovation needs to be set, and the DGPR aspires to do so.
More initiatives need to be launched at EU level in order to boost and support SME’s access to soft digital skills and funding mechanisms.
Regulation on harmonization of rules on e-commerce and remote working are urgent.
In achieving a 5G network there are still a lot of issues to be tackled, such as critical infrastructure and regulation on safety to attract investors.
Overall I found the Summit very interesting and relevant. The structure of the sessions was constructive in terms of content and interaction between the speakers. The topics discussed were all relevant to current digital affairs and analysed sufficiently; I am afraid though with the exception of the 5G topic where more tangible arguments could have been delivered by the speakers. Questions by the participants were welcomed and answered with directness and in a meticulous fashion. Furthermore, the venue was grandiose, some might argue over the top, but still interesting to see, and last the services provided, such as food and drinks were satisfactory, although perhaps wider variety of food would have left participants with impressions. For now we can only wait for the next Think Digital Summit in December next year and wonder what novelties we are to anticipate on.
Photo credit: pixabay.com
In the context of the 7th annual EuroCloud Forum, which takes place from 5-6 October in Bucharest, Romania, Elena Zvarici, executive board member of EuroCloud Europe, talks about how Europe can take advantage of cloud computing and the data economy.
In order for Europe to take full advantage of cloud computing and the data economy, we need to strike the right balance between regulation and innovation
In the digital world the balancing act between business and regulation is a delicate one. In the past year we have seen the adoption of the new European General Data Protection Regulation, the invalidation of the Safe Harbour agreement for transatlantic data transfers and problematic discussions around its replacement the Privacy Shield.
Setting these developments into the context of the many ongoing initiatives at EU level aimed at encouraging innovation and the data economy, it is clear that getting the balance right is no easy task.
Europe is leading the way in data privacy and advocates a high level of data protection worldwide. The newly adopted General Data Protection Regulation introduces a new concept of responsibility towards data ownership, as well as new legal obligations for businesses to comply. For cloud SMEs and start-ups, getting up to speed can be problematic and they will need help.
A coordinated approach is needed between data protection authorities, policy makers and industry, in order to help organizations in this transition, by providing adequate data breach reporting tools, compliance toolkits and publicising the key issues. Let’s make sure that European SMEs and start-ups, so often the drivers of growth in Europe, are well placed to comply.
While the GDPR provides a high level of data protection we must remember that we are ever more connected through digital means and cannot think solely in terms of Europe. We are global users and exporters of digital services and need to have a strong cloud computing and data economy to be competitive. International data flows will play a key part in this. To avoid regulation clashes and to create international data-driven markets, in the future we should strive towards the creation of uniform, accepted standards of personal data protection on a global basis.
The recent agreement on the Privacy Shield for EU-US data transfers did not come a moment too soon and will hopefully bring the much needed legal certainty for the approximately 4,000 businesses who made use of the safe harbour mechanism. This legal assurance is vital. Many of these companies will rely on global information exchanges. Let’s hope that the provisions in the Privacy Shield can provide a robust enough framework to encourage data flows while providing high standards of data protection.
Global data flows are vital to international trade and economic growth and the European Commission Initiative on the free flow of data, expected at the end of 2016, should aim to enable European companies, particularly in the growing cloud computing sector, to be in the forefront of the global innovation race.
The Initiative should aim to reinforce the European cloud sector, so that companies are encouraged to develop new innovative services in the cloud, sell their services cross-border and enter the global market as exporters of technology.
This can be done by providing clarity on issues such as data ownership, liability arising from data use and data localisation across Europe.
If we really want to position Europe as a global leader in the data economy we need to ensure that we get the balance right. This means ensuring high levels of privacy while fostering new business innovation in sectors that rely on data and developing trust and confidence among users, from the individual consumer to the public and private sector.
Now is the time to move forward and encourage Europe to reap the benefits of data and the cloud.
Picture credits: Roberto Sartori
The Digital Post speaks with FTC Commissioner Julie Brill about the new ‘Safe Harbour’, the implications of the EU privacy reform, and privacy issues arising from the boom of the Internet of Thing.
The Digital Post: The European Union and the United States of America have reached an agreement on a new Safe Harbour data treaty. What are in your view the main achievements of the deal? What would have been the concrete risks if an agreement weren’t signed?
Julie Brill: The main achievement of Privacy Shield is that it provides strong privacy protections for European consumers and creates a framework for more parties to engage in active supervision and stronger enforcement cooperation. With respect to commercial data practices, Privacy Shield will provide stronger privacy protections than Safe Harbor did – through beefed up onward transfer requirements, and in other ways.
Privacy Shield will also establish more active supervision of the program in practice, so that the Department of Commerce, the European Commission, European data protection authorities (DPAs), and the FTC can detect and address any issues that come up. Privacy Shield will also provide a well-defined process for consumers to complain about the data practices of Privacy Shield companies.
The FTC will remain committed to giving priority to complaint referrals from DPAs, and there will be a better process in place for following up on these complaints. And even in the absence of referrals from DPAs, the FTC will continue to aggressively look for violations of the Privacy Shield principles.
Finally, in the area of national security, the United States agreed to take the unprecedented step of designating an ombudsperson to take complaints about surveillance activities that relate to Privacy Shield. This is in addition to the significant reforms that Congress and President Obama have made to surveillance practices in the past few years.
The risks if Privacy Shield hadn’t been agreed upon would have been that consumers and businesses would have continued in the limbo in which we currently exist, where some mechanisms to transfer personal data from the EU to the U.S. are still allowed, but they are expensive, opaque, and much more difficult for the FTC to enforce.
Of course, Privacy Shield still has many steps to take before it receives approval. If it were not approved, then companies – particularly small and medium enterprises – would lose out because of the time and resources that they have to put into alternative arrangements for data transfers.
But consumers also would lose out because they would have far less transparency into which companies are handling their data, the rules governing data transfers, and where to go to complain if they believe their rights are not being respected.
TDP: According to some observers, the new agreement won’t be sufficient to meet the concerns of the European Court of Justice. What is your opinion?
JB: It’s important to remember that the CJEU’s Schrems decision did not address national security surveillance practices in the United States. Rather, the case was based on the court’s concern that the European Commission’s adequacy decision in the year 2000 did not address U.S. privacy protections relating to national security surveillance.
It is hard to say how the CJEU would have assessed a full, accurate record concerning surveillance practices and privacy protections in the United States, had those facts been before the court. In any event, the U.S. has enacted significant reforms since the Schrems case was referred to the CJEU, and the U.S. is making further commitments through Privacy Shield.
On the whole, I believe these protections meet the CJEU’s standard of “essential equivalence to the EU legal order”, but we will have to wait to see if Privacy Shield is challenged to know whether the CJEU agrees.
TDP: Is the GDPR going to widen the chasm between EU and US regulatory approaches to data protection? How the FTC is working on this issue?
JB: The GDPR incorporates several provisions that either appeared first in the United States or are by now very familiar to companies and enforcers in the U.S. Examples include a focus on reasonable data security through a continuing process of risk assessment and mitigation, a general security breach notification requirement, heightened protections for children, privacy by design, and a recognition that deidentification can reduce privacy and security risks.
There are some differences between the European and U.S. versions of these provisions, but overall they show how developments in the U.S. can influence the direction that Europe takes.
On the other hand, some provisions of the GDPR move further away from the U.S. approach. A prime example is the GDPR’s right to be forgotten article, which extends to all data controllers. This expansion is a sharp contrast to the very targeted and specific provisions of U.S. law that help individuals keep some information about themselves obscure.
Companies and regulators on both sides of the Atlantic need to start working out answers to the many questions that the GDPR raises. That’s one reason that I think it’s so important for us to move beyond the issues surrounding mechanisms for data transfers that have dominated the discussion for the past several months.
With the announcement of an agreement on Privacy Shield in the past several weeks, I hope we now can begin to discuss the GDPR and issues like big data and the Internet of Things in a more sustained and meaningful way.
TDP: The FTC has been focusing on privacy issues related to the booming sectors of Internet of Things and Big Data. What are the risks? How regulators should deal with this very sensitive issue?
JB: There are important roles for enforcement, policy development, and business and consumer guidance in the Internet of Things and Big Data ecosystems. On the policy and guidance front, the FTC has been taking a close look at the potential benefits and risks of the Internet of Things and big data.
We have hosted public workshops, taken public comments, and written key reports on the broad range of technical and economic concerns that arise from having many more connected devices, huge volumes of personal data, and rapidly improving analytics.
We heard a lot about the exciting possibilities to solve problems in health care, transportation, the environment, education, and other areas; but we also learned about significant risks. Security is a huge challenge with the Internet of Things.
Not only are many devices being offered by companies that do not have long track records with data security, but these devices are also being used in ways that collect highly sensitive information and create physical risks to consumers.
With respect to big data, we found that there is a potential for unfairness or discrimination to enter through biases in data collection and analysis. Some of these issues could get companies into trouble under fair lending, credit reporting, or other laws. Other issues arise in settings that these laws do not cover, but companies still need to be aware of them because they may be deceptive or unfair.
Enforcement also plays an important role in the FTC’s approach. We have already brought enforcement actions relating to privacy and security violations with IoT devices. We have the authority to stop unfair or deceptive practices – whether or not they involve new technologies and business practices – and we will use it in appropriate cases.