European Data Protection Supervisor
European Data Protection Supervisor

New year, new technologies

New year, new technologies

Friday, 18 January, 2019

Happy new year to you all.

The ‘phoney war’ is coming to an end. The new data protection framework (still not complete, remember, absent updated rules on communications confidentiality!) has applied since May last year, but most people have probably not noticed much change to the way they are treated online, apart from a proliferation of pushy demands for ‘consent’ to accept business as usual. We have seen, as predicted, the first sanctions, important but hardly to be expected to remedy systemic abuses of personal data. Nevertheless evidence is emerging that thoughtful moves away from behavioural targeting may have had a positive effect on advertising revenues. 

In 2019 the GDPR will get real, as regulators reach conclusions on the now over 250 cross border cases from the One Stop Shop of possible violations. The biggest challenge for data protection authorities is going to be resources, and that means not just sufficient budget allocations and highly competent personnel, but a firm understanding of the technologies behind data processing and communications service provision. The EU legislator has now written this task into the job description of every independent supervisor: both the GDPR (for national authorities) and the new GDPR for EU institutions (Regulation 2018/1275, for the EDPS) require us to ‘monitor relevant developments insofar as they have an impact on the protection of personal data, in particular the development of information and communication technologies and commercial practices’. 

Technological expertise is undisputedly a component of the regulator’s DNA - along with oversight, auditor, mediation and dispute resolution. (See Colin Bennett and Charles Raab’s seminal study for more details, and Charles’s more recent analysis).

The EDPS has invested a lot of time and energy in these questions, especially Artificial Intelligence which, following our discussion paper of 2016, is now a mainstream concern for data protection commissioners across the world. Today we are pleased to publish the first in a new series of Technology Monitoring briefs, on smart glasses.  These are devices on the cusp between science fiction/dystopias (Black Mirror) and eerie reality (see its deployment in the Chinese police forces, for instance).  We hope it is useful and would be interested in your feedback on this and suggestions for future editions.

Topics: