final report conference on ICT 2 - Ludwig von Mises Institute Europe

Transcription

A Ludwig von Mises Institute – Europe report on
“Will New EU Data Protection Rules Stifle
or Stimulate the Digital Market?”
&
“Data Transfer Regulations for Cloud Computing”
April 25th, 2012 & November 27th, 2012
1
Organizers
Ludwig von Mises Institute - Europe
Friedrich Naumann Stiftung für the Freiheit
“Will
New EU Data Protection Rules Stifle or
Stimulate the Digital Market?”
Contents
Organizers, Time and Venue ..............................................................................................3
Speakers ...................................................................................................................................4
Report on the Conference ..................................................................................................5
List of Participants ................................................................................................ 15
Contents
Organizers, Time and Venue .................................................................................... …...20
Speakers ......................................................................................................................... …...21
Report on the Conference ........................................................................................ …...23
List of Participants ....................................................................................................…….31
2
“Will
Organizers:
Ludwig von Mises Institute – Europe, Friedrich Naumann Stiftung für die
Freiheit
Time and Venue:
April 25
th
2012, European Parliament
Speakers:
Mrs. Annette Godart-van der Kroon
President of the Ludwig von Mises Institute-Europe
Alexander Alvaro
MEP and Vice-President of the European Parliament
Peter J. Bisa
Geschäftsführer TACTUM Gesellschaft für Technologie –
Technologiemarketing und – berating GmbH
_________________________________________
Visit us at http://www.vonmisesinstitute-europe.org
3
Anthony Whelan
Head of Cabinet, Management of DG
Information Society and Media,
European Commission
Prof. Dr. Michael Backes
Professor at the Computer Science Department of
Saarland University and a Fellow of the Max Planck
Institute for Software Systems
Dr. Ellen Madeker
Director of Political
Analysis and Dialogue at
Friedrich Naumann
Stiftung für die Freiheit
Moderator:
Mathew Dalton
Wall Street Journal
_________________________________________
4
A large crowd gathered to listen to the speakers
When Commissioner Reding submitted her proposal for a reform of EU
Data Protection to “increase users’ control of their data and to cut costs for
businesses”, she launched a great debate in Brussels and in European
Member States on the issue. The LVMI-Europe is proud to be part of this
debate through this event, organized in collaboration with the Friedrich
Naumann Stiftung für die Freiheit.
Mrs. Godart - van der Kroon, President of the LVMI-Europe delivered the
opening address and highlighted the work that still needs to be done on the
proposal. For her, it is still not clear how the European Commission’s proposal to
reduce costs will stimulate the market. “Is saving money and reducing costs the
same as stimulating the market? Who will pay the price of Data Protection?” asks
Mrs. Godart, the answer is still unclear, but it appears small companies will have
to take a much higher burden than larger ones.
The second issue Mrs. Godart decided to highlight in her opening words was
enforcement of the rules. Indeed, the 1995 rules were very poorly enforced and
this issue is now considered to be essential to the success of the new regulation.
Which offenses should be punished? This is already at the centre of a dispute in
Germany between the Minister of Justice and the
_________________________________________
5
Minister of Interior. This, according to Mrs. Godart, brings us back to a major
precept of Liberalism: the Limits of the State. Here, the Rule of Law provides
protection for the individual against the State, and Mrs. Godart believes it is
important, in the case of Data Protection, to respect the Nulla Poena sine lege
1
Rule. Rules are important, but what is most important is to have the right rules.
Alexander Alvaro MEP started out his speech by highlighting that expects the
proposal to be highly significant, as it will affect 500 million Europeans as well as
many international companies. For him, this legislation is an opportunity for the
European Union, to build consumer trust, but also to push for more global data
protection legislation.
Nowadays, Europe needs a robust framework on Data protection. This will be a
long process, but Mr. Alvaro believes that now the EU has an opportunity to push
the legislation forward and extend it even beyond its borders.
1
No penalty without a law, one cannot be punished for doing something that is not prohibited by law.
_________________________________________
6
E-commerce is vital for the European economy, but trust still appears to be an
issue as Mr. Alvaro reminds us that as many as 81% of Germans feel they are no
longer in control of their data. The new data protection rules will therefore have to
provide this trust, by allowing the consumer to say “No”.
Mr. Alvaro believes Commissioner Reding did a good job and understands the
responsibility of MEPs to fine tune the proposal, and he is confident policymakers
will strike the right balance.
For him, this single solution will be a good step towards creating the necessary
trust but he believes the Commission will face a crucial test with the “Right to be
Forgotten”. Here, argues Mr. Alvaro, “the Commission must make sure not to
overstate its boundaries” as it appears that many questions still surround this
issue.
Mr. Alvaro concluded his speech with an invitation to the public to join the debate
on Data protection. He argues policymakers will need the contribution of citizens
to achieve the best outcome. In this sense, his office has set up an interesting edemocracy tool on his homepage.
Anthony Whelan started his speech by answering the question: What is the right
balance?
Finding the balance for him, is a question of protecting the data of the 200 million
Europeans who are already engaging in e-commerce while increasing the
competitiveness of the companies active in this area.
_________________________________________
7
Mr. Whelan from the European Commission during his speech
Mr. Whelan agrees that the proposal is imperfect, but he reminds us of the
context in which this proposal was made. Today, all 27 member states have their
own national legislations. The aim of this proposal is to determine a single set of
rules, an extremely important objective for the European Union.
Mr. Whelan also stressed the importance of making sure these new rules benefit
the new technologies, such as cloud computing. In this area, he argues, the
proposal brings some welcome simplifications and developments.
For Mr. Whelan, the core concept of the proposal is that data are personal.
Referring to the “Right to be Forgotten”, he points out that the proposal does not
mean one can erase the past and he argues this was not the aim of
Commissioner Reding. More realistically, the aim of the Commission is to
enhance the autonomy of the individual.
_________________________________________
8
Is this proposal going to spur economic growth? Mr. Whelan argues that it will
have a cost for the companies who are accustomed to a national regime and
don’t trade beyond their national boundaries, but for other companies, he is
confident this will promote growth.
Mr. Bisa was the next speaker, and after the two European policymakers, his
point of view, as a German Industry leader, was very different.
Mr. Bisa did not reject the claim that a reform of the European Data protection
regulation is necessary. The objective of this regulation is to remove the existing
asymmetry between Europe and the United States on the one hand, and on the
other to achieve a unification or alignment on a European level. In his view, this
proposal will shape EU data protection for the next 30 years, one more reason, in
his opinion to get things right.
Due to the rapid technological advancement it is normal that politicians adopt
some changes to data protection policies that, in Germany, date back to 1983. At
the time the topic was about the demographic statistics
survey. ”In the continuation of the movement of 1968 we had the right to
informational self-determination. It was the fear of government control.”
_________________________________________
9
The younger generation today has a totally different understanding of privacy
than its older counterparts; they are by far more willing to spread and make their
private information available, to give it away to the public, something which the
generation of 50+ considers to be impossible.
While the two first speakers highlighted the wide variety of people who will be
affected by the new data protection rules, Mr. Bisa argues that the ordinary
person is not interested in this issue. Indeed, most people do not take the time to
change the default settings of their browsers to protect their privacy. More than
80% of all T-Online users who open a T-Online account do not change anything
about the predefined privacy settings.
For Mr. Bisa, politicians often ignore the technical consequences of their
decisions, and forget to make the distinction between data protection and data
security. In his opinion, politicians see all advertising as bad, but he asked the
following question: “Isn’t it better to receive targeted advertising instead of being
spammed with everything?”
We can see this as an issue of fundamental individual rights or a market-driven
issue involving information that has value to both users and the companies that
collect their data.
In the initial data protection complex and the things a company can do with the
data we have to differentiate between the various approaches to technology
which result from the different perspectives regarding privacy in Germany and the
United States. In Germany we have very good technologies that help make
profiles anonymous while in the United States this anonymity is not demanded by
law. Therefore individual profiles may be created there. That means everybody
knows this is Peter Bisa, who is x number of years old and has this and that likes.
A German company does not need these details: it only knows this is a
representative
of
x,
that
he
likes
jazz
music,
_________________________________________
that
he
is
male.
10
So they have some indicators but they don’t know whether this person is called
Peter Bisa or George Harrison. All they know is that the person belongs to this
specific cluster.
This is the most basic difference which has emerged between Europe and the
United States. However, this is unknown to the majority of people. Though this is
the major strength of the technology, which is the basis for German business
models. Mr Bisa fears that these business models will be endangered by the new
regulation.
Mr. Bisa is therefore concerned about this regulation as it will destroy an asset.
The new regulation is destroying Germany’s strongest asset: the anonymous
targeting, thus killing the mid-sized-German internet industry. Or does someone
in Brussels believe that data protection impacts assessments, that a prior
authorization and prior consultation rule will help small and midsized companies,
that this will increase the level of innovation here in Europe?
For Mr. Bisa the question is whether this issue is best solved by new laws and
regulations to protect privacy, or by the market responding to public demand for
protection of personal data?
Indeed, as an advocate of a free economy, Mr Bisa believes excess regulation
does not help. For him, companies need to build customer relations and data are
essential to that. He goes even further and argues such strong regulation will not
help European competitiveness.
Mr Bisa’s then shared his thoughts on the question whether it’s better to keep the
status quo or have new laws and regulations. He is more scared of the new
regulations than the status quo. He sees the regulation proposed by Ms Reding’s
as a traditional bureaucratic approach with an immense barrage of detailed
regulation and authorization options trying to provide some kind of security,
which, however, will not be secure. And in no way will it help us - the German or
the
European
industry
–
being
in
a
disadvantageous position compared to the US
_________________________________________
11
.
European companies cannot be competitive with their American counterparts as
long as the Safe Harbour Act still remains applicable. Of course, the American
brands are part of the problem in terms of them always trying something new, but
when one doesn’t permit such openness, no development will occur.
Furthermore, Ms Reding’s proposal will deteriorate the European innovative spirit
with a detailed regulation.
Mr Bisa’s final remarks came down to a plea. First he pleaded for a verbal
disarmament from the data and consumer protectors’ side, because we only
unsettle people when we talk of piracy and exposure. These are terms that aren’t
helpful to anybody. They only stir up fears but have no use. They create new
problems but don’t help solve any problems.
Therefore verbal disarmament is the first aspect.
The second aspect is a demand to businesses resulting from his personal fiveyear experience as a campaigner for self-regulation: To have the courage to say
‘We accept our responsibilities’. And this takes us back to the origin of all my
contemplations: If I don’t handle [an issue], I am being handled. As an
entrepreneur I don’t want to be regulated but I want to regulate (i.e. act) myself. If
I am being regulated, if I am not allowed to act myself, I am not an entrepreneur.
Then someone else has responsibility but it’s not me.
The fourth speaker of the event, Prof. Dr. Backes gave us his opinion, as a
technology researcher on how big the problem of data protection really is and
how technology can help to protect privacy.
Back in the beginnings of the internet, the link between the user and Internet
Company was very direct. Now the situation has changed on both sides; on the
consumer side, the interface with the Internet is not limited to the computer
anymore, GPS is tracking users on their cell
_________________________________________
12
phones, their voices are recorded, and people are always connected. Data
protection is therefore no longer just about protecting the data entered voluntarily
on the computer. On the online company side, they are no longer necessarily the
ones processing and storing the data.
Other changes have come from the Social Media which have turned individuals
into producers as well as consumers, meaning it is more difficult to protect the
consumers against the producers.
The huge amount of data collected on the Internet is now stored and processed
by online companies. For Prof. Backes however, this is not necessarily a bad
thing and the commercial aspect that we tend to forget about, targeted
advertisement, is legitimate and should not be destroyed by the new regulation.
The real privacy concern is when the data is used for surveillance, phishing,
spamming, stalking or profiling.
One might therefore wonder if it is possible today to surf the Internet without
leaving any traces. Prof. Backes’ reply to this question was
________________________________________
13
straightforward; it is mostly up to the individuals to decide whether or not to put
things online (i.e. on Social Media).
For him, personal data should only be given explicitly, used for the correct reason
and made available to the dedicated persons. At the same time, users should be
informed and technological solutions should be used as well as legal constraints
to enforce the proper use of data.
Today, our appreciation of whether data protection is sufficient or not depends on
the point of view we take, in the same way as GPS is a positive thing when used
for navigation and a bad thing when used for tracking.
To summarize, Prof. Backes does not believe the perfect solution exists. For him,
proper data protection will depend on a proper combination of law, enforcement
and trust. On more specific issues such as the “Right to be Forgotten”, he does
not believe it is doable, but argues it is important to make the misuse of data
difficult.
Ms. Dr. Ellen Madeker gave the closing remarks. She is the Director of Political
Analysis and Dialogue at the Friedrich Naumann Stiftung für die Freiheit. She
thanked the Ludwig von Mises Institute Europe for co-hosting the event: "Data
protection as a fundamental right is a dear issue to us liberals", she said. Now
that technological progress and globalization have changed the way our data is
collected and used it has become all the more important to create a new
European framework. "What I have learned today is that it is all about awareness.
Companies need to understand that data protection is an asset, not a burden."
_________________________________________
14
List of Participants
Alexandrova, Ekaterina
European Commission
Allen, James
CBI Brussels
Andersen, Carsten Sommer
EuroCommerce
Andreeva, Mina
European Commission - Vice President Reding's Private Office
Arts, Petra
Kreab Gavin Anderson
Babak, Isabelle
EWE Aktiengesellschaft
Barjot,Lucile
IAB Europe
Barth, Patrick
Hill+Knowlton Strategies
Berman, Sasha Renate
Cabinet DN
Bertolli, Gabriele
Strategis Communications
Billiouw, Pauline
Brinkmann, Walter
European Affairs Consultant
Brunnenkamp, Christina
Friedrich Nauman Stiftung für die Freiheit
Casale, Alesandra
Assonime
Colombo, Giovanni
Coulet, Amélie
APCO Worldwide
Craft, Dan
Forum Europe
Cutajar, Omar
Malta Business Bureau
Czerepowicz, Ewa
Council of Europe Liaison Office with the European Union
de Barjac, Evelyne
Sarah Biontino Consultants SPRL
De Jong, Laura
International Committee of the Red Cross
De Roey, Arthur-Georges
Denzer-Speck, David
KfW Bankengruppe
Desnerck, Miguel
Desnerck Media Ltd
Destoop, Marion
Deussen, Olaf
European Commission
Dress, Simon
Friedrich-Ebert-Stiftung
Dubois, Nicolas
European Commission
Dürig, Christian
Corporate Representation Brussels
Eder, Philipp
Business Software Alliance
Egger, Alexandre
ThinkYoung
Emond, Ian
British Airways
Feehan, Townsend
Microsoft Legal & Corporate Affairs
Fein, Gesine
Representation of the State of North Rhine-Westphalia to the European Union
Flieger, Brigitte
Flintasu, Luminita
Council of Europe
Foinikopoulou, Aliki
Friedlaender, Daniel
Cabinet DN
IFPI European Regional Office
Joint Representation of the Free and Hanseatic City of Hamburg and the State
Schleswig-Holstein to the EU
Friedrichsen, Lars
_________________________________________
15
Fuchs, Hans-Peter
Gey, Carina Isabelle
Godart-van der Kroon, Annette
Gonzalez, Gabriel
Grusemann, Thomas
Günther, Enrico
Guth, Larissa
Hartrampf, Corinna
Heitz, Sophie
Hornberger, Carolin
Ignjatovic, Verica
Iral, Hubert
Ivanovas, Martha
Jimenez, Marisa
Kamm, Friederike
Kaplanová, Tereza
Khul, Annick
Handelsverband Deutschland HDE
Representation of the State of Rhineland-Palatinate in Brussels
TÜV Rheinland
Friedrich Naumann Stiftung für die Freiheit
German Medical Association
g+ europe
TÜV Rheinland
Mission of the Republic of Serbia to the EU
Homepage-Studio
APCO Worldwide
Google
European Commission, Cabinet of Commissioner Stefan Fule
Representation of the Free State of Bavaria to the EU
Kleveman, Nils
Klobucar, Slaven
Knops-Gerrits, Peter-Paul
Vertretung des Landes Niedersachsen bei der EU
European liberal Youth
Vlaams-Europees verbindingsagentschap
Köller, Michael
Kopetski, Matthew
Kowalska, Ewa
Kowalska, Magdalena
Krusiewicz, Malgorzata
Kucharczyk, Jakob
Kuepper Thomas
Lafleur, Julien
Köller, Michael
Kopetski & Associates
Lang, Christopher
Larkin, Zahra
Leppanen, Riikka
Løkkegaard Morten
Lopatowska, Joanna
Lopez, Xose Casas
Representation of the State of Rhineland-Palatinate in Brussels
Malta Business Bureau
ALDE MEP
Morrison & Foerster LLP
European Liberal Youth
Luchetti, Giovanni
Lüddecke, Rene
Marques-De-Athayde, Angela
Meyer, Niels
Michaux, Jean-Loïck
Moschakis, Nikolas
Naether, Anna-Verena
Navratil, Vaclav
Konrad-Adenauer-Stiftung
EWE
European Commission
European Parliament
European Commission - Business Continuity Management
CCIA Europe
European Commission DG Digit
Landmark Europe
European Publishers Council
Digital Economy Policy Group
European External Action Service
_______________________________________
16
Newson, Heide
Grenz-Echo
Ntantinaki, Anastasia
Committee of the Regions
O'Keeffe, Kieran
Interel European Affairs
Otten, Stefan
Vertretung des Landes Hessen bei der EU
Pape, Wolfgang
Paquay, Julie
Landmark Europe
Paratz, Jana
European Liberal Forum
Pavia, Agata
IFPI European Regional Office
Podgorny, Maria João
European Parliament - Office of MEP Vital Moreira
Quigley, Michael
Sovereign Strategy
Řezníčková, Kateřina
Rohde, Yvonne
NWR Bank
Rollison, Jeremy
European Digital Media Association
Rosenthal, Markus
Rosenthal Relations
Sagon, Hilde
International Committee of the Red Cross
Sahin, Fatma
EuroCommerce
Sandvik, Håvard
European Liberal Forum
Sarkic-Todd, Nathalie
Europe Matters
Schindler, Helen Rebecca
Rand Europe
Schneider, Miriam
Handelsverband Deutschland HDE
Schneider, Susan
Friedrich Naumann Stiftung für die Freiheit
Schröder, Ullrich
European Economic and Social Committee
Schwarz, Christopher
Representation of the Free State of Bavaria to the EU
Sherwood, Chris
Yahoo Inc.
Spindler, Caroline
europtimum conseil
Struve, Tanja
German Country Association
Suchodolska, Agnieszka
Sundermann, Marc
Bertelmanns Stiftung
Tegge, Andreas
Thies, Philip
Fleishman-Hillard
Thorstenson, Friederike
German Country Association
Timmerman, Marie
ABDA-Federal Union of German Associations of Pharmacists
Van Essen, Ulrich
General Secretariat of the Council of the EU DGA Information Assurance
Office
Vegys, Laurynas
Verstraeten, Gilles
European Students for Liberty
Vicente, Natalia
Telecom Italia
Vigkos, Alexandros
ThinkYoung
Violari, Melina
Facebook
Vollmann, Marcelo
Renault
Wade, Alison
Bundesverband deutscher Banken
Watson, Graham
MEP European Parliament
_________________________________________
17
Law4Business BVBA, European Law Matrix NV, European Law
Matrix Ltd,
Waumans, Peter
Ray Yin & Partners P.R.C. Lawyers Beijing and Shenzhen, Prof.
University
Shenzhen
Wautmann, Julia
NWR Bank
Wehnert, Fabian
Markenverband
Zeiner, Anthony
DATEV Cooperative
Zorban, Kimon
IAB Europe
Speakers
Alvaro, Alexander
MEP, Vice-President of the European Parliament
Backes, Michael
Professor at the Saarland University
Bisa, Peter J
Geschäftsführer TACTUM Gesellschaft für Technologie
Whelan Anthony
Head of Cabinet DG Information
Dalton, Mathew
Wall Street Journal Europe
Annette Godart-van der Kroon
LVMI Europe
Ellen Madeker
Friedrich Naumann Stiftung
_________________________________________
18
A Ludwig von Mises Institute – Europe report on
November 27th, 2012
Organizers:
The Ludwig von Mises Institute Europe
The Friedrich Naumann Stiftung für die Freiheit
Time and venue:
th
November 27 , 2012
Hotel Leopold, Rue du Luxembourg 35, Brussels
20
Speakers:
Annette Godart – van der Kroon
President of the Ludwig von Mises Institute Europe
Sophie In ‘t Veld
Member of the European Parliament for ALDE
Prof. Dr. Christopher Kuner
Fellow of the Centre for European Legal Studies,
Cambridge, and Editor in Chief of the law review
International Data Privacy Law
21
Dr. Carl-Christian Buhr
Member of the Cabinet of
Ms Neelie Kroes, European
Commission Vice-President
for the Digital Agenda.
Jean Gonié
Director of Privacy Policy
Europe, Middle East
and Africa for Microsoft
Hans Stein
Director of the Friedrich Naumann
Stiftung für die Freiheit
Moderator:
Daniela Vincenti
Editor-in-Chief at EurActiv
22
The Commission’s proposed general data protection regulation is currently
undergoing its first reading in the Parliament. Among other elements, the proposal
includes provisions that will govern data transfer – the flow of data within the EU,
and to and from third countries. This is a critical dimension of the data protection
discussion.
Being able to move data across borders safely and effectively is a precondition for the
successful uptake of cloud computing in Europe, and for the realization of the
economic benefits and innovative services that cloud computing is expected to bring.
As Commissioner Neelie Kroes has said in connection with the recent creation of the
European Cloud Partnership, “Europe has to become not only Cloud-friendly but
Cloud-active”. The proposed regulation needs to facilitate the safe, effective transfer
of data internally within the Union, and to and from third countries, and to encourage
industry players to compete to offer users better and more innovative data protection
technologies.
As the Parliament prepares to propose amendments to the Commission’s text, a
roundtable brought together experts from academia, industry and local government to
outline their views on what provisions are needed to “future proof” the EU legislative
framework.
23
The President of the Ludwig von Mises Institute Mrs. Annette Godart – van der
Kroon welcomed the participants to the dinner debate and started her speech with
reminding that the EU is currently revising its general data protection framework. She
posed the question what kind of rules on the electronic transfer of data – within the
European Union and to third countries – would give Europe the best chance of
reaping the benefits of the move to cloud computing, while providing strong protection
to EU-based users, both individuals and companies.
1
As Danny Palmer , online and broadcast journalist, wrote in his article “Making a
Europe fit for the cloud”:
“While Europe teeters on the brink of financial Armageddon, the European
Commission (EC) claims that a coherent cloud strategy for the bloc could generate
£127 billion per year and create 3.8 million jobs. In its Unleashing the Potential of
Cloud Computing in Europe report
2
, the European Commission suggests that
implementing a coherent cloud strategy across the region could cut the operational
costs of IT departments for all types of organizations, along with boosting productivity
and growth.”
For Europe to reap the full economic benefit of cloud computing it will require clear
and workable guidelines for data transfer in the EU’s reformed Data Protection
Package – the subject of the debate.
1
2
http://www.computing.co.uk/author/profile/2485/danny-palmer
http://ec.europa.eu/information_society/activities/cloudcomputing/docs/com/com_cloud.pdf
24
Talking about reducing market fragmentation, the fragmentation of the “digital single
market” also needs to be addressed before a coherent cloud strategy can be
implemented across Europe. Currently, the different national legal frameworks across
member states, combined with uncertainties over how digital content and data laws
operate when crossing borders, stand in the way of a single European standard.
That’s not to say the strategy is based around a “European Super-Cloud,” a
suggestion the EC is keen to refute. Instead, the aim of the policy is to provide an
umbrella organization. This European Cloud Partnership will bring together industry
experts and public-sector agencies – such as those responsible for the government
services focused G-Cloud in the UK and Andromede, its equivalent in France – in
order to help provide a cloud infrastructure that all member states will benefit from.
Identifying the key needs of the public sector is seen as a vital issue in successful
implementation of an EU cloud strategy.
The EC is also seeking to promote the adoption of similar standards in countries
outside of its jurisdiction. Its report makes reference to the need for a “reinforced
international dialogue” in a world that’s increasingly free of borders, due to the spread
of the internet.
American businesses, including Amazon, Google and Microsoft, already have a major
cloud presence within the EU, meaning that the US potentially has much to gain from
a Europe-wide cloud strategy as its’ companies, too, will be able to take advantage of
improvements in infrastructure and clarity of the regulations.
While welcoming the effort to achieve an integrated market, US companies may be
worried that the free flow of data between Europe and the US will not actually be
facilitated by the new rules.
There has long been tension between the US and the EU when it comes to
transferring data, not least because the United States Patriot Act – signed by
George W Bush in the aftermath of 9/11 – overrides EU data protection laws, allowing
the US government potentially to access personal data stored anywhere on the globe.
25
In a world which depends increasingly on the global flow of capital, goods and
services, ensuring appropriate mechanisms to facilitate safe and secure flows of data
would seem to be a key challenge in building the knowledge-based economy.
A recent Study
3
on the Reform of the Data Protection Package commissioned by the
European Parliament’s Committee on Internal Market and Consumer Protection
recommends taking into account, among other things, a dedicated cloud Safe
Harbour, binding Corporate Rules as well as self-regulatory instruments and industry
standards to facilitate the international transfer of data.
To enhance the free exchange of capital, goods and services and in this case
exchange of data information and preserve the freedom and protection of the
customer in the same time, is a challenge. Freedom is always and only possible in
the framework of the Rule of Law. Freedom, in fact, presupposes that the individual
has some private sphere, that there is some set of circumstances in his environment
with which others cannot interfere.
Freedom is not self-evident, but we have to accept the reality that freedom has two
faces: we want to be free to act and in the same time we want to be protected. To find
this thin line is very difficult, but not impossible.
Sophie in’t Veld, MEP for ALDE, started her speech about cloud computing with the
motto: “The sky is the limit”. Ms. In’t Veld said that so far legislation was limited and
determined nationally. These borders are fading and therefore the legislation cannot
be applied just for a specific geographical territory as “the clouds are drifting”. In her
view, we should not see data protection rules as an obstacle for the business, but
instead it should be regarded as a pre-condition for free trade. The MEPs by itself
don’t have a solution; there are no individual, national and even European solutions.
We need global ones, and the only way to make it is to cooperate with different
people in all the continents. The rules, regulations and directives approved until now
by the European Parliament and the European Commission are a minimum standard,
and in fact, what we need
3
http://www.europarl.europa.eu/document/activities/cont/201209/20120928ATT52488/20120928
ATT52488EN.pdf
26
is to raise up a culture of data protection and in that context trust and transparency
are very important. The Europeans want to find the ultimate solution and, in order to
do that, we need to be leading and run away from the thought that data protection is
limitation. That should help to give an advantage to the European companies and let
them be more competitive. The American companies are lobbying very hard for
Europeans not to have a regulation. In Mrs. In’t Veld’s opinion, data protection should
be a standard agreement for free trade agreements.
All in all, the main points that Ms. Sophie in’t Veld has covered are that data
protection has no geographical boundaries and the decisions have to be made
globally and in cooperation. Therefore a new culture has to be developed and trust is
one of the most important things as data protection is not a limitation, but rather a
guarantee of freedom of speech, anonymity and even a means to consumer’s choice.
Data protection is also vital for the competition policies.
Given the impact of cloud computing, data protection is becoming more important and
consequently people want to benefit from its’ use. Thus we need more data
protection. The more clouds we have - the better it is.
Dr. Christopher Kuner emphasized, that this topic concerns all of us, as individuals
and in order to make it less complicated, defined that the data we need to protect are
the data on the internet.
The first thing to realize is that there are problems related with data protection not
only in the EU but also in South America, Asia and other continents, in international
organizations, such as the OECD. This means that the regulations should be adopted
not in the small European bubble but worldwide. But then,
27
there is a problem: how to create a regular framework which would work for
everyone? And what kind of regulation structure is needed? How can an individual
protect his data in the third countries if, even within Europe, the regulation does not
fully work? So, the first thing needed is to create a system that works in Europe.
Mr. Kuner also mentioned that the question remains of whether people are willing to
give up their national constitutional rights in favor of EU constitutional rights. On the
other hand, governments should follow the same rules as they want the companies to
follow. Another point of criticism was that the discussion is focused too much on legal
regulation rather than on practical issues: there is a lack of practical tools. Dr.
Christopher Kuner showed some skepticism regarding the legislative proposals made
by the Commission, and noted that given the current financial crisis, economic growth
is an important factor of concern. In his opinion, despite the fact that the current
legislation on data protection is 15 years old, it is not working so badly. Despite that,
he admits that’s some changes may be developed, as long as companies are asking
themselves to whom they should turn if they have a problem concerning the data
protection. The authorities lack resources and they are not fully regulatory
independent. Since January 2012 the European Commission is working on this issue.
During the panel discussion, Dr. Carl-Christian Buhr, European Commission,
emphasized that cloud computing really could be a competitive advantage, as new
opportunities of business shall arise and new interesting things can be done to make
data much more secure.
28
Mr. Jean Gonié, the Microsoft representative for this debate, mentioned it was key to
make privacy a competitive advantage at Microsoft. It is in Microsoft’s DNA to “think
privacy” and propose services in a privacy-compliant way.
He stated that it is up to companies to make a difference and initiate change, and the
new EU regulatory framework ought to maximize the incentives for them to do this.
For example, the new general data protection regulation could provide for EU-wide
codes of conduct and schemes to award “trust markets” that would reward companies
that innovate in the area of privacy and data protection. Mr. Gonié explained that
customers want trust and transparency and they want to see concrete proof of the
location of the data. Companies must be responsible for the data. SMEs role is
essential in the EU market.
Cloud computing is doing more with less, so to achieve a full success SMEs should
its take advantage of its importance. Mr. Gonié at the end of his speech highlighted
the link between helping the EU embrace the cloud and promoting a “culture of data
protection.
During the Q & A session, someone was curious about how long it is going to take to
pass the regulation through the European Parliament. Referring to the question at
hand Mr. Gonié replied that it is true that it does take time for the process to move
and it faces difficulties but it is important to develop a new culture of privacy,
accountability, credibility, trust and transparency. These are the words that should be
linked with data protection. Codes of conduct, trust-marks and the like are potentially
important instruments to demonstrate that a company is trustworthy. Ideally the future
EU regulation will provide a legal framework to encourage their emergence.
Mrs. Daniela Vincenti, the moderator of this debate, referred to the speech on data
protection of the US Ambassador to the European Union, Mr. William
Kennard. With this comment Mrs. Vincenti stated that, although the US and the
European systems are structurally different, both have the chance to build the
foundation for a transatlantic digital single market. Those structural differences relate
to the fact that in the US there is a well-developed privacy system but rooted in many
statutory authorities and are therefore more sector-specific, while by contrast, the
EU’s legal tradition favors a single statutory framework, with centralized enforcement
by national and EU-level data privacy authorities.
29
According to Mr. Kennard, “The United States government is engaged with the EU on
a wide range of data privacy issues”. Again, the issue is assuring that all the personal
data shared by consumers with companies doing business in both
Europe and in the US is provided with high standards of protection.
In his concluding remarks Hans Stein, Director of the Friedrich Naumann Stiftung für
die Freiheit, urged the institutions to decide on a coherent regulation that opens up
business opportunities while not harming privacy rights. He also repeated the quote
that the “sky is the limit”, but that he hoped we will be able to avoid the “skyfall”.
30
List of Participants
Razvan Antemir
Legal Affairs Adviser
EMOTA
Thomas Grusemann
Corporate Group Representative
Jasper Bergink
Associate
Kreab Gavin Anderson
Jamie Harbour
Assistant
Member of the European Parliament for the
West Midlands, UK.
Henry Borzi
Journalist
zeroemission.eu
Antoine Cahen
Head of Unit, Committee of Civil Liberties,
Justice and Home Affairs
European Parliament
Christian Dürig
Director European Affairs
Deutsche Post DHL
Philip Eder
Manager, Government Relations
EMEA BSA | The Software Alliance
Townsend Feehan
Attorney | Legal & Corporate Affairs
Microsoft
Alberto Di Felice
Government Affairs Analyst
Qualcomm
Stéphanie Finck-Piccin
Senior Consultant
Cabinet DN
31
TÜV Rheinland Group
Marisa Jimenez
European Privacy Policy Senior Counsel
Google Brussels
Jakob Kucharczyk
Associate Director, CCIA Europe
Computer & Communications Industry
Association (CCIA)
Christopher Lang
Justice, Home Affairs, Infrastructure,
Consumer Protection and Sports
Representation of the State of
Rhineland-Palatinate in Brussels
Tobias Lemke
NRW.BANK
James Lovegrove
Managing Director
TechAmerica Europe
Joanna Lopatowska
Associate and adviser
Privacy and Data Security Group in
Morrison & Foerster's Brussels office
Andreas Pauckstadt
Consultant
Team Neusta
Cecilia Verkleij
Head of Sector Access to Information, DG
Home Affairs
European Commission
Sybill Pauckstadt
Representation of the
Free Hanseatic City of Bremen to the
EU
Agnieszka Wodecka
Legal Officer, DG Communications Networks
European Commission
Michael Quigley
CEO
Sovereign Strategy
Philipp Wolfram
Head Brussels Office
Telekom Austria
Hendrik Andreas Reese
Principal Consultant
TÜV Rheinland
Carl-Christian Buhr
Member of the Cabinet of Ms Neelie Kroes, VicePresident for the Digital Agenda
European Commission
Triin Saag
Office of Sir Graham Watson
European Parliament
Judith Sargentini
MEP
European Parliament
Natalie Sarkic-Todd
Director
Europe Matters
Marike Schlüter
Assistant
Joint Representation of the Free and Hanseatic
City of Hamburgand the State of SchleswigHolstein to the EU
Silvia Selandari
Assistant to Ken Ducatel, Head of Unit
Office software and Services Cloud DG
Tanguy Van Overstraeten
Technology, Media & Telecommunications
Linklaters LLP
32
Jean Gonié
Director of Privacy, EU Affairs
Microsoft
Christopher Kuner
Lawyer, Professor at Copenhagen university and
Editor in Chief of International Data Privacy law
review
University of Cambridge,
University of Copenhagen
Hans Stein
Director
Friedrich Naumann Stiftung fur die Freiheit
Sophie In ‘t Veld
MEP for ALDE
European Parliament
Daniela Vincenti
Editor-in-Chief
EurActiv
Annette Godart – van der Kroon
President
Ludwig von Mises Institute Europe
Marion Kokel
Assistant
Bruno Casqueira
Assistant
Ruta Miliute
Assistant
33
“Will
The Ludwig von Mises Institute – Europe would like to thank its’ supporter for this
conference
34

final report conference on ICT 2 - Ludwig von Mises Institute Europe

Transcription

Similar documents

Beilage durchblättern - Nordsee

Kundendienstwerkstätten Stand: 01/06 Name 1 Name 2 PLZ Ort