On November 27th, at the Egmont Palace, a rather extravagant but always elegant venue in the heart of Brussels, the Think Digital Summit took place. The Digital Post could not have missed the opportunity of attending
It is the second year the Think Digital Summit runs by the initiative of the European Business Summit. This year’s Summit touched upon issues such as data protection and privacy of consumers and citizens, growth of SME’s and Start Ups within the Digital Single Market, and last on critical digital infrastructure for developing a 5G network across Europe. The speakers were MEP’s, EU officials, policy makers, and representatives from the business sector. The Summit was smartly structured into three thematic panels in form of debates mainly polarizing between speakers from public institutions defending EU policies and corporate representatives advocating on business interests. The debate formation was not only vibrant managing to keep the participants interest alive for more than 6 hours but also gave us the opportunity to witness diverse interests and objectives collide or concede depending on the speakers’ background and the topic discussed.
In his opening keynote speech Giovanni Buttarelli, the European Data Protection Supervisor acknowledged the increasing demand for transparency and the need for all individual voices to be heard and transposed. Building on his statement, he pointed out an ‘‘unfair balance’’ between corporations handling a big amount of data, and on the other hand citizens merely giving away valuable personal data, oblivious of this transaction. Having framed this imbalance he labelled opacity as the biggest threat set to individuals and suggested this threat should be tackled by regulation.
Data Protection and Privacy of the European Digital Future
The topic which ignited a rather polemic but nevertheless constructive debate was the General Data Protection Regulation (GDPR) or officially Regulation 2016/679 (Click here) and which monopolized the discussion of the first panel. According to EU officials the GDPR objective is to achieve an equilibrium between the full respect of fundamental human rights and business development, being at the same time an innovation friendly regulation. GDPR comes into force at the end of May 2018, so we will have to wait and see whether it will reach its full potential and purpose. Furthermore, this regulation comes to repeal an older E-Privacy Directive (Directive 95/46/EC), with the intention to achieve full integration and harmonization of implementation across the E.U. Highlighting the value of the innovation friendly design for the business sector, Despina Spanou, Director of DG CNECT, also strongly advocated for the need to empower consumers to have full control of their communication and to be asked to consent or not to sharing their data. ‘‘Consent has to be affirmative, not implicit’’, she asserted.
Responding to Mrs. Spanou, Mr. Louette, Deputy Chief Executive Officer, Orange, joked ‘‘Beware of Greeks bearing gifts’’ which although was a great ice breaker, it also made a clear-cut statement regarding his position towards the GDPR . He expressed his fears on restrictions on data use in businesses, stressing the need to balance regulation so that it does not hinder business activity. The issue of labelling almost everything as ‘‘personal data’’ was also brought up, pointing out the need to define the term more effectively. Furthermore, Mr. Louette argued that using personal data, such as people’s locations, can enable companies analyse the data and produce smarted public services where needed. Last, he revealed that Orange wants to create a data dashboard for its customers from where they could monitor the cyberspaces they had left traces of their personal data.
Boosting Growth for SME’s and Start-Ups in the Digital Single Market
Digital is not a new industry, it is the way all SME’s and Start-ups should operate, says Katarzyna Jakimowicz, Associate Director of the Lisbon Council. The biggest issues SME’s have to tackle are to sell their products internationally, and to expand their limited knowledge of digital advertising tools. In some countries like Bulgaria, online purchases account for below 30 per cent of overall purchases, which discourages companies in these countries to advertise online at all. The major issues raised in this panel were once again regulation harmonization, this time on e-commerce and work mobility, and the business responsibility to create windows of opportunity for smaller businesses to grow. Nevertheless, the most interesting points were raised by Mrs. Jakimowicz on the existing, as she calls it, ‘‘talent and soft skills gap’’ referring to SME’s difficulty to access talent and digital skills domestically making the need for EU regulation on remote work more relevant and urgent than ever. The lack of communication between SME’s and institutions when it comes to funding and support mechanisms was discussed, bringing up that the European Innovation Council (Click here) will give €2,7 billion on SME’s, and in terms of promoting and supporting growth, the EU has initiatives such as The Startup Europe Project (Click here) helping SME’s develop.
Digital Infrastructure towards Maximum Connectivity
‘‘Bad connection is like no connection at all, thus we should aim towards high speed maximum connectivity’’ says Miapetra Kumpula-Natri, MEP for S&D.
The third and last panel focused on the advent of 5G network and the issues that need to be dealt with along the way. Issues that will arise on setting up a 5G network are building the necessary infrastructure to support the regular function of the network and the urgent need to regulate in order to create a safe environment for investors and in order to protect competition and innovation. Furthermore, it was repeatedly argued that this transition will not just be a transition from 4G, as it happened from 3G to 4G, it is a new technology that would change our lives and apply in a diversity of human activities such as transport and health industries, but unfortunately further elaboration and more tangible examples as to in what ways this network would revolutionize our everyday lives were not given.
Take Away Messages
An equilibrium between citizen’s protection and business development and innovation needs to be set, and the DGPR aspires to do so.
More initiatives need to be launched at EU level in order to boost and support SME’s access to soft digital skills and funding mechanisms.
Regulation on harmonization of rules on e-commerce and remote working are urgent.
In achieving a 5G network there are still a lot of issues to be tackled, such as critical infrastructure and regulation on safety to attract investors.
Overall I found the Summit very interesting and relevant. The structure of the sessions was constructive in terms of content and interaction between the speakers. The topics discussed were all relevant to current digital affairs and analysed sufficiently; I am afraid though with the exception of the 5G topic where more tangible arguments could have been delivered by the speakers. Questions by the participants were welcomed and answered with directness and in a meticulous fashion. Furthermore, the venue was grandiose, some might argue over the top, but still interesting to see, and last the services provided, such as food and drinks were satisfactory, although perhaps wider variety of food would have left participants with impressions. For now we can only wait for the next Think Digital Summit in December next year and wonder what novelties we are to anticipate on.
Photo credit: pixabay.com
The legislation agreed in mid-December by Parliament and Council negotiators marks a crucial step forward in getting away with a calamitous patchwork of national laws on data protection. However, it contains a number of inconsistencies that could negatively affect Europe’s digital ambitions.
It took nearly 4 years of bitter negotiations for the EU to strike an agreement on a sweeping overhaul of its data protection rules. But it was worth it. The legislation agreed in mid-December by Parliament and Council negotiators marks a crucial step forward in getting away with Europe’s calamitous patchwork of national laws on data protection.
The previous EU rules dated back to 1995 and their varying interpretations by Member States have contributed to create significant regulatory uncertainty while hindering innovation in critical sectors of the economy.
However, the new General Data Protection Regulation (GDPR) is far from perfect. It still presents multiple critical aspects. For instance, it fails to create a level playing field for telecom operators.
Following its introduction, the electronic communications sector will be forced to abide by a twofold regulation, complying with both the new data protection legislation and the ePrivacy Directive.
If Europe is serious about supporting growth and innovation in its digital markets, this asymmetry should be addressed as soon as possible. Otherwise it will place yet another burden on a sector which has been hit hard in recent years by a slow economic recovery while being under pressure to invest more in digital networks in order to meet the EU broadband targets.
As many know, the on-going Internet evolution has been providing breeding grounds for several new telecom-like services (including OTT services) to grow.
The point is that, unlike traditional telecom providers, such services are not necessarily bound by the terms of the ePrivacy Directive, although they are functionally equivalent to one another.
As a consequence, different rules applying to equivalent services inevitably create unfair competition between telecom operators as well as legal uncertainty and general confusion among consumers.
In order for consumers to benefit from a consistent regulation, regardless of the service provider in question, a prompt revision of the ePrivacy Directive is thus required.
But the negative implications of the new regulation on data protection could be larger, stretching far beyond the telecoms sector.
DigitalEurope, the main association representing the digital technology industry in Europe, believes that the legislation fails to strike the proper balance between protecting citizens’ fundamental rights to privacy and the ability for businesses in Europe to become more competitive.
The text agreed upon between the European Commission, European Parliament and the Council of Ministers contains a number of stringent obligations that could be very costly for IT businesses, undermining their ability to invest, innovate and create jobs.
European businesses, traditionally less equipped to meet these obligations, could be hit hard. And, of course, this is in stark contrast with Europe’s ambitions to create a generation of home-grown global leaders in the tech sector.
Another matter of concern is the so-called is the compromise reached on the so-called “one-stop-shop”, according to which tech companies operating in different countries will deal with only one data-protection authority, namely where their European headquarter is based.
As Member states managed to weaken this principle, as recently reported by Reuters, some obervers believe that this will create more legal confusion and litiges (for instance, to determine what is the concerned national authority). Again: the bill for the companies could be very expensive.
Following the political agreement reached in trilogue, the final text of the data protection regulation will be formally adopted by the European Parliament and Council in a few weeks. Maybe there is still room to fix its inconsistencies.
Photo credit: Martin Fisch
Looking at Europe’s digital progress, 2015 started under great promise but didn’t end quite so well. So how can Europe do better? Here are 5 tests I’ll be applying in a year’s time.
Must do (quite a lot) better in 2016. Yes, it’s a cliché but that might well be the end-of-year report on Europe’s digital progress in 2015.
It started with great promise; President Juncker making snappy videos about his digital street cred, a Vice-President for the Digital Single Market and a Commissioner for Digital Economy and Society, and DSM strategy with welcome consultations.
But the year didn’t end quite so well, did it?
A compromise on data protection that didn’t deliver on its original promise of reduced costs for business, with a single consistent approach across Europe and a one-stop-shop; real uncertainty for many businesses thanks to the ruling on Safe Harbour, and endless examples of incumbent interests seeing off the disruptors who had the temerity to use digital to offer better, cheaper service to European city dwellers.
So how can Europe do better this year? Here are 5 tests I’ll be applying in a year’s time.
First, and it’s a big one, I’ll be asking whether we give as much weight to gaining the benefits of the new, and increasingly global, data economy and society – from health benefits to wealth benefits – as we do to the important task of keeping our data safe and secure. Have we grasped the opportunities of global data flows and resisted unproductive forced localization?
Second, make it more attractive, not less, to invest in Europe’s digital infrastructure. If the EU is to lead the way to 5G, crucial bands will have to be made available in a coordinated and timely way, putting an end to today’s national fragmentation.
My third test: make a real improvement in the quality and quantity of digital skills available both to tech suppliers and their customers in Europe’s industries and public services alike. At the end of the year I want to see that Europe’s citizens can easily and cheaply acquire the digital skills they need to be active in our digital Europe.
Next really do unlock the potential of e-commerce. Don’t just say you’ll do so while building new barriers and making consumer rules in the online world different from, and more complicated than the off-line world – recognise that for most Europeans this distinction is fast disappearing.
Fifth and finally, I want to see that many more of Europe’s business leaders and politicians have grasped and actively promoted the power of digital to modernise our industries and improve public services to drive the single market. Will we have shifted our thinking to exploit the power of modern platforms rather than worrying about them?
To borrow from Machiavelli, Europe has to tackle the powerful vested interests that profit from the status quo, while at the same time embracing the disruptors who dare to challenge them.
I look forward to seeing you again next year and I have every expectation of a better report.
photo credit: Tom Gill
We welcome the new General Data Protection Regulation (GDPR) that was agreed in mid-December, as it marks a crucial step forward. However, it fails to create a level playing field for telecom operators. And still presents multiple critical aspects.
Following the introduction of the regulation, the electronic communications sector will be forced to abide by a twofold regulation, complying with both the new data protection legislation and the ePrivacy Directive. If Europe wants to support the growth and innovation spreading out within its convergent digital markets, this asymmetry needs to be addressed shortly.
The ongoing, rapid Internet evolution has been providing breeding grounds for several new telecom-alike services (including OTT services) to grow. The point is that, unlike traditional telecom providers, such services are not necessarily bound by the terms of ePrivacy Directive, although they are functionally equivalent to one another.
As a consequence, different rules applying to equivalent services inevitably create unfair competition between telecom operators as well as legal uncertainty and general confusion among consumers. In order for them to benefit from a consistent regulation, regardless of the service provider in question, a prompt revision of the ePrivacy Directive is required.
The European Union needs to have common privacy standards in place as soon as possible. For this to happen, member states need to show far more engagement, says German MEP Jan Albrecht
More than three years on from the publication of the first draft proposal, the Data Protection Regulation is still under negotiation. However there are doubts over whether it can be agreed before the end of 2015. What is your view?
I think that for the legislation to be finalized by the end of this year member states need to show far more engagement. Negotiations in the Council are advancing at a slow pace due to simple issues and disagreements popping up over and over again, thus postponing the whole process.
So ultimately it’s a question of political will. If the Council does want to achieve an agreement, it can do it very quickly. The European Parliament has voted its position in October 2013: since then we are waiting member states to reach a deal in order to start the trilogue.
Speaking of the trilogue, how do you see the future negotiations between the Council and the European Parliament?
First of all, it will be key that the Council delivers on high standards for the protection of privacy. However, looking at the ongoing talks among member states some of the provisions of the proposal already run the risk of being diluted compared to the protection levels set in the 1995 directive.
This is a red line for the European Parliament: we won’t accept lower standards than the 1995 directive. If member states want to get on a common ground with the European Parliament they need to agree on stronger individual rights and sanctions.
Given that the regulation will have a two-year transitional period before it applies, don’t you fear that the technological evolutions will render the text obsolete by the time it enters into force?
I do not think that the text voted by the European Parliament will be outdated soon because it already encompasses all the actual developments and it is as much technology-neutral as possible.
But it’s true that if the Council doesn’t find an agreement anytime soon and negotiations stretch into 2016, adding the transitional period, it means that there are at least three years left before Europe has a single data protection standard. This equates to three more years of losses and struggle for the European IT companies in comparison with US Internet giants. I do not think that we can afford this to happen. We really have to hurry up!
However critics of the regulation lament that the regulation will result into more burden placed on companies.
On the contrary, the European Parliament has included in the text provisions that protect all the companies from too much burden – for example we excluded smaller companies from some duties of documentation and information.
Moreover, the new regulation would reduce bureaucracy by replacing 28 different national regimes with just one. The benefits for SMEs will clearly outstrip the potential burden which I do not think will be higher than today.
Is it possible to restore trust in transatlantic data flows and on which basis?
First, the European Union and its single market need to have common privacy standards in place in order to ensure legal certainty for consumers, citizens and enterprises in Europe.
Only then, we can start negotiating with the US on common transatlantic standards, i.e. the application of certain basic data protection rules. In short, that will be only possible if we pass the data protection regulation as quickly as possible.
How can we negotiate with the US on common standards and create a transatlantic market if Europe has not a single standard itself? As long as we do not achieve this objective it won’t be possible to negotiate on privacy standards in the framework of TTIP.
In addition, the US has also to do its own homework. New legislation on data protection recently announced by President Obama is a starting point and the first requirement for any further negotiation. Without such legislation in place it is almost impossible for the European Union to agree on common privacy standards.
What’s wrong with the EU’s plans for the passenger name record (PNR) system? Why the European Parliament is opposing the proposal?
In the last years nearly every terrorist attack we have seen involved attackers who were already known by the authorities as potential or suspicious terrorists. However, we have focused on collecting personal data of citizens – for instance through the data retention directive – who are completely not suspicious or risky.
Collecting just more hay if you are looking for a needle in a haystack is the wrong approach to improve security. The right way would be to spend the money that would go to the PNR system (hundreds of millions of euro) into better equipment for police and law enforcement authorities in Europe and into improving coordination and exchange of information on suspicious persons. This is what we ask.
A no less important issue is that last year the European Court of Justice ruled that retention of data without any link to suspicious or risk is not legal and proportionate. Therefore, we should not vote laws that we know are illegal.
photo credits: KylaBorg
The draft Data Protection Regulation (DPR), as it has been amended by the European Parliament, would seriously impair Europe’s competitiveness in medical research and innovation, which in turn will have a negative impact on health and wellness in the population.
The right to privacy and the consequent need for data protection is an aspiration of the great majority of people living in Europe. The draft Data Protection Regulation (DPR) is designed to provide the legislative framework for protecting peoples’ right to privacy and generally it does a very good job.
However, there is another right to which a great majority of citizens aspire.
[Tweet “The right to a healthy life, which implies the right of access to the best possible medical care”]
Excellent medical care is impossible without excellent medical research, which provides the new diagnostic instruments, drugs and other measures for keeping people healthy.
Balancing these two rights is critical if we are to protect individuals’ data, while avoiding harmful unintended consequences for research. As a practicing doctor and active medical researcher I believe there is a danger of that happening if the Parliament’s amendments to the DPR are adopted.
Medical research has increased the average European life span from around 40 to over 80 years in the 20th century. It has eliminated polio with vaccination; turned AIDS into a non-fatal disease; protected young women from cervical cancer; and cured stomach ulcers with antibiotics, eliminating the need for surgery.
The list is enormous. Medicine has also provided much employment in Europe in the last century.
Effective medical research requires a large number of different types of data, from varied sources, ranging from laboratories to hospitals to census information or medical records. Epidemiological and association studies often require very large data sets, based on information from thousands of people, to get the answers we need for disease prevention and to maintain “wellness”.
There is a tried and tested system for protecting the privacy of individuals. It is based primarily on local ethics committees that include lay representation and which work to an international standard expressed in the Helsinki Declaration.
In addition, peer review guarantees scientific validity and medical importance and eliminates unnecessary experimentation, or experimentation that cannot achieve a result to the question posed. This culture includes developing new methods to protect data, which are refined as science and technology progress.
Europeans view their health as being as important as their right to privacy. In a Eurobarometer survey from 2014, 40 per cent of respondents said that “treatments that work” are one of their criteria for high quality healthcare.
[Tweet “Health research is essential for discovering and testing better treatments”]
In Europe’s socialised health systems, the vast majority of people contribute to funding health care through taxes. Data collected during the care of an individual clearly belong to that individual.
But perhaps we should consider whether every citizen who pays for the health system also has a right for this rich information to be shared – safely and securely – to improve the health and wellbeing for all of us.
At present, the legal framework and the culture of safety in medical research respects the balance between the right to privacy and the right to health. That important balance will be maintained if the final version of the Regulation retains the substance of the medical research exceptions proposed in the initial Commission draft.
I believe that the adoption of the Parliament’s amendments to the Regulation would seriously impair medical research by preventing some studies and creating ambiguous rules and unwieldy, bureaucratic processes for others.
Europe’s competitiveness in medical research and innovation will be blunted, impacting negatively on opportunities for job and wealth creation, which in turn will have a negative impact on health and wellness in the population. This is a vicious circle that must be avoided.
This post was originally published on the website of the European Data in Health Research Alliance (www.datasaveslives.eu / @datamattersEU)