G.D.P.R., new European law for the protection of privacy and the future of the global data economy
G.D.P.R. was launched in 2012 by Viviane Reding MEP, then Vice-President of the European Commission. She told me from Brussels that she was worried about “big business” like the American Gafa – the French style for Google, Amazon, Facebook and Apple. “They just ignored the old law,” Reding said. “Cambridge Analytica’s Facebook scandal, if it happened on May 26 this year, would have cost Facebook billions of dollars, among other things, and they could not pass on citizens’ personal information without asking citizens to ask, and you can Do not steal and simply tell them that under the new law it is not possible, and that if you do, the punishment will be very, very severe. ”
For Reding and for his colleague and G.D.P.R. Moderator Jan Philipp Albrecht, the law mainly affects companies that process personal data. “In the last ten years, there has been no chance of catching up with the big Silicon Valley Internet companies,” said Albrecht. “With G.D.P.R. this will change.” He hopefully added, “Consumer power has not really started.”
The Data Protection Officer in Ireland, Helen Dixon, is one of the people at the heart of the G.D.P.R mission, where many multinationals have their European headquarters. In anticipation of the law, his office hired a hundred people on a short detour, with forty other people on the way. “We have many lawyers, communications specialists, investigators – some on grounds of criminal law, others on prudential grounds – and we have business analysts, systems analysts,” he said. she said. The Vision, the Dixon of the Irish D.P.C. She is far from the team of 30 people she inherited in 2014. The main question, she told me, “is how many simultaneous exams we can perform.”
Albrecht’s and Dixon’s enthusiasm contrasts with the omnipresent cynicism that many privacy professionals seem to be spreading in their profession. Even Halpert and Ustaran, who are more positive than most, have struggled to say how G.D.P.R. Compliance will improve the life of an average citizen. The law promises advances in global information hygiene: It becomes difficult for large data processing companies not to know what the data is, where it is stored, and how it is stored. But at the individual level, the benefits are less obvious. In general, companies have simply designed longer privacy policies – an exaggeration that refutes the intent of the legislature. When the law comes into force, independent experts and activists hope for more meaningful interventions. Mireille Hildebrandt, a professor at the Free University of Brussels, said that G.D.P.R. could be especially useful for eliminating algorithmic distortions and other cases of machines doing something wrong. “Automated decisions that have a significant impact can be challenged and need to be meaningfully explained,” she told me.
Data protection is sold to Europeans as a tool for balance, equality and autonomy in the digital world. But it is also a very individual diet; It is unlikely that a person’s actions will change. It is therefore relatively easy for us as a collective to make concessions of comfort, ignorance or resignation. Article 80 of the G.D.P.R. is a feature that seeks to remedy this situation by introducing, for the first time in European law, the possibility of collective redress. There is no automatic right to sue for damages, but G.D.P.R. allows temporary orders to stop the processing of data. The provision is carefully protected because, as Reding points out, “what we do not want in Europe is a class action lawsuit of the American kind that only creates the activities of lawyers”. Paragraph 80 allows civil rights attorneys or consumer advocates to defend themselves in the name of the community or the public interest.
According to Albrecht, these NGOs and other institutions will not only be looking for the “only one” who has time to manage their own data, but also those who have no time or risk. one hundred percent in these technologies, laws and regulations. “But even with these various actors, there is a cautious note about the aspirations of the law.” No data protection law protects us from ourselves, “said Albrecht.