Karl-Theodor zu Guttenberg, former German Minister of Economics and Technology and former Minister of Defense, is Chairman of Spitzberg Partners LLC in New York.
This article was first published on Techonomy.com on April 1, 2014
BERLIN -- 2013 is the year we collectively took off our blinders, as people across the globe realized how interconnected, exposed, and vulnerable we truly are to surveillance by companies and governments. 2014 will determine whether or not we begin bringing order to this environment, harnessing new technologies and big data to buttress the world economy while mitigating ever-growing privacy and security concerns.
The key players in the public and private sector are now working to protect their interests in a world that is shifting from government to "Googlement"--driven by the unprecedented ability of companies to gather, store, and evaluate vast amounts of personal data. Adding to the challenge will be unabated progress on more invasive technologies such as biometrics, household robotics, smart homes, and connected cars, coupled with widespread adoption of cloud computing.
Even overconfident U.S. tech titans must concede that Europe is in the pole position to shape this process and that the Old Continent's success or failure will reverberate around the world. Having long prided itself on its progressive stance toward a person's right to privacy when it comes to personal data, the EU used a frenzied 2013 to build momentum towards bringing its rusty data privacy legislation into the 21st century.
Adopted in 1995 -- at the dawn of the Internet age -- existing EU laws only set general protection guidelines that require each state to draft its own legislation. This led to a rather uneven implementation across Europe. Further, these outdated laws fail to address newer technologies such as social media and cloud computing. However, the planned update, titled the European General Data Protection Directive (GDPR), aims to address these concerns and harmonize laws across the region.
At the 2012 announcement of the GDPR, the EU declared that "a single law will do away with the current fragmentation and costly administrative burdens, leading to savings for businesses of around €2.3 billion a year." Not to mention the potential to reinforce consumer confidence in online services.
Sounds lovely, but the devil is always in the details, and efforts to finalize the text of this new law must navigate conflicting interests within Europe, such as concerns about its short-term impact on the economy. Great Britain, in particular, has doubts about the law's impact on Europe's recovery. Germany, on the other hand, is worried about protection standards and that the new, common law will weaken its national privacy laws -- currently the most stringent in Europe.
Further complicating the issue, Chancellor Merkel recently called for the creation of a European data network. This is the first time she has embraced the position of what can be dubbed "data secessionists" -- a major fallout of the damage the NSA scandal has left on transatlantic relations. Additionally, the EU and Brazil are planning an undersea data cable to circumvent U.S. spying efforts. At best, this is a shortsighted and reactionary project motivated by a combination of sulkiness, ignorance, and the willingness to widen existing transatlantic rifts
Despite this clamor, the European Parliament approved the Commission's GDPR proposal in mid-March and is now aiming for an agreement on this reform by the end of 2014, at which point the legislation would go into effect within two years. However, the upcoming European elections in May 2014 will paralyze the EU for months, and likely lead to an influx of Eurosceptics, making Europe's policymaking process difficult to predict.
The world needs Europe to get its house in order. A stable regulatory environment is critical, both to foster consumer confidence and to allow companies in every industry to plan ahead. American and Canadian ICT companies in particular are facing future uncertainty towards equivalency agreements that they made with Europe to host data in their home countries. European inaction could also imperil its ongoing Transatlantic Trade and Investment Partnership (TTIP) negotiations with the U.S.
Europe's success would add momentum to other ongoing trade negotiations around the world where digital goods are a key focus. For example, the Trans-Pacific Partnership negotiations face hurdles over data regulations -- both Australia and New Zealand are arguing against a U.S.-implemented provision that bans states from mandating where companies must keep their data.
Of course, there are no one-size-fits-all solutions for data laws in the global economy, but making progress at this juncture will demonstrate that regulatory structures and the connected economy are reconcilable. This advancement promises to refute growing calls for the Balkanization of the Internet and to dissuade countries from adopting incompatible legislation, developments which would add hundreds of millions of dollars to ICT operating costs around the world and stifle innovation down the line.
Clearly, these complex issues will not be resolved any time soon. Still, the priority for now is to at least craft European legislation without hindering the economy -- and to take the wind from the sails of "data secessionists." European countries are confronting an issue that matters to the entire world, and we all need them to be successful.
Karl-Theodor zu Guttenberg, Erica Jong