Human beings are fascinated by technology. Think of the fascination we all feel, no matter our race or geographical location, when we see a fire in front of us. As this was probably the first big innovation of humankind that allowed our ancestors to cook and keep warm during the cold winter nights.This fascination has been deeply encoded into our DNA as Homo sapiens.
Technological developments come with the promise of making our lives on this planet better, and perhaps even possible if the worst prospects of climate change materialised (let’s hope not!). At the same time, we should not forget that this fascination towards technology, which is understandable as it is somehow linked to our survival as species, makes us sometimes blind to their dark side or, better put, to the risks associated to the bad use of new technologies.
Even if the Internet is still a relatively recent technology, we are now starting to realise some serious damage resulting from our failure to address some risks and to prevent the bad use of some technologies. We have, for example, allowed foreign powers to weaponise social media against our democratic systems or tolerated (still today) that inhuman algorithms target children with ludicrous online challenges that put their lives at risk. All of this, of course, by illegally processing the personal data of our citizens.
As mentioned by European Data Protection Supervisor Wojciech Wiewiorowski in his video statement for Data Protection Day: “Have we maybe forgotten that the role of governments is to empower, not to weaken, the position of individuals? That this need for protection is even more crucial for the vulnerable ones, those who otherwise risk being left behind and aside, at the margins of this society?”
The GDPR has been widely recognised as a gold standard around the world and this should make us all proud. At the same time, we should also be humble to admit that we need to continue to improve effective enforcement, in particular at European level. We must confront challenges that are simply too big for any of the national data protection authorities when acting in isolation, even for the biggest and the most experienced ones. This is not politics, this is pure common sense.
The efforts done in this respect by the European Data Protection Board (EDPB), as the EU body tasked of ensuring coordination and consistency in the implementation of the GDPR, are extremely important. We should express our deepest gratitude and appreciation to the employees of the EDPB Secretariat, who have worked tirelessly since the creation of this body, back in May 2018, with very little resources. The organisation of around 400 meetings a year with representatives of national data protection authorities speaks for itself. Our gratitude and appreciation also goes to its members, the national data protection authorities, who have been devoting an important part of their time to European matters, and in particular to Andrea Jelinek, the Austrian data protection commissioner, who has taken on her shoulders the difficult task of being primus inter pares, and has chaired this new-born EU body in an exemplary way. Many thanks, Andrea and colleagues.
The results achieved by the EDPB over the last four and half years are impressive and they have received justified praise by many voices around the world. Thanks to the mechanisms set up by the GDPR, a strong culture of cross-border cooperation is replacing the old national approach, with 639 final decisions to date involving more than one authority. This is clearly a breakthrough, in particular if we compare these figures with the absence of any meaningful trans-frontier enforcement cooperation only a few years ago.
We should definitely be proud of these achievements, but, at the same time, we cannot, and we should not, rest on our laurels. We have a long way ahead of us to reverse the harmful effects caused by the fact that privacy and data protection have been seriously neglected by some governments and powerful actors for a long, long time (and it is still the case in many government and places around the world).
In European Data Protection Supervisor Wojciech Wiewiorowski’s own words, in his video statement for Data Protection Day:
“Private digital goliaths have acquired so much power and information that people have lost any meaningful sort of control on what is processed about themselves; people are helpless in the face of such asymmetry of power. Public governments around the world engage in geopolitical confrontation, where “privacy” is either manipulated or anyway breached with covert surveillance (see Pegasus).”
I strongly believe that we, as Europeans, must renew our commitment to this endless march that is the European Union process in which we all advance together, sometimes quickly, sometimes more slowly, sometimes in more challenging times, sometimes more victoriously, towards more democracy, more prosperity and more respect for fundamental rights. Because data might be digital, but the damage a wrongful processing may cause to human beings is very real. As mentioned by European Data Protection Supervisor Wojciech Wiewiorowski in a recent article, this applies both to what is going on behind the veil of “Big Tech” and also “to those emerging from the stormy waters of the Aegean Sea, the cold forests of Białowieża, or the fences of Melilla, (because) the Charter of Fundamental Rights is not limited only to those holding EU citizenship”. Therefore, following the example of those who walked the same path before our time, we shall continue marching on, together, as Europeans.
Happy Data Protection Day.