European Data Protection Supervisor
The digital information ecosystem farms people for their attention, ideas and data in exchange for so called 'free' services. Unlike their analogue equivalents, these sweatshops of the connected world extract more than one's labour, and while clocking into the online factory is effortless it is often impossible to clock off.
Where I come from, we have a pleasing little idiom: conoscere i propri polli – literally, to know one’s own chickens. It means to have an intimate appreciation of a character or a familiar situation. We in Europe certainly need to get better acquainted with our own way of safeguarding public security, as the ongoing debate on international commercial data flows illustrates.
25 May 2018 is not only GDPR day.
It is also scheduled to be the day on which a new Regulation (the new 45) governing data processing by the European Institutions, Bodies and Agencies (EUIs), will become applicable, replacing the current Regulation (EC) No. 45/2001.
25 May 2018 will mark an important milestone in the history of data protection with the full application of the new General Data Protection Regulation (GDPR). Together with the Data Protection Directive for police and criminal justice authorities, the GDPR will set the standard for personal data processing for many years to come.
We are approaching the holiday season, a period of excess and over-indulgence followed by doomed resolutions to live more healthily and frugally in the New Year.
Data protection of course has always been about dignity and restraint. It is based on the idea that respect for humans means being careful with what you do with information about them.
In the last few weeks, I have been asked to look beyond the GDPR to imagine future scenarios for regulation of digital rights in the EU and around the world.
Data Protection Officers (DPO) from the EU institutions and bodies met today in London at the 42nd meeting of the Network of DPOs, which was hosted by the European Medicines Agency (EMA).
It is seven years ago now that the 32nd International Conference of Data Protection and Privacy Commissioners met in Jerusalem and adopted its resolution on Privacy by Design.
Henry Kissinger, in one of perhaps the most famous quotes which were never actually uttered by the person to whom they are attributed, is alleged to have complained that when he wanted to telephone the European Union he didn’t know what number to ring. I am often asked for my reflections on the transatlantic relationship under the new administration, and in response I have suggested that indeed it would be helpful to have a nominated points of contact for questions of privacy and data protection law.
I have repeated on many occasions my deep conviction that the GDPR is going to be the keystone of data protection law for a generation.
This generation is going to include the ‘millennials’, digital ‘natives’ who have grown up knowing only connected things, with their social lives and education mediated by touch screens and apps.