Europe's DIgital Revolution

The General Data Protection Regulation (GDPR) marks the beginning of a new era in Europe. With the new legislation intended not only to strengthen EU citizens' rights but also to simplify rules for businesses in EU Member States, every EU citizen is a vital stakeholder in the process.
This post was published on the now-closed HuffPost Contributor platform. Contributors control their own work and posted freely to our site. If you need to flag this entry as abusive, send us an email.

The General Data Protection Regulation (GDPR) marks the beginning of a new era in Europe, with rules and regulations fit for the digital age. With the new legislation intended not only to strengthen EU citizens' rights but also to simplify rules for businesses in EU Member States, every EU citizen is a vital stakeholder in the process.

Data flows are increasingly at the heart of modern economies, as demonstrated not only by the adoption of the GDPR but also the completion of the EU-US Privacy Shield Agreement, covering data flows between the EU and its largest trading partner. These sweeping changes regarding citizens' data reflect the growing importance of personal data; as the Former Vice-President of the European Commission Viviane Reding put it back in 2012, "Data is at the center of the digital world. It is the currency of this new market". In this context, there are three issues that both documents cover which I would like to highlight here.

Firstly, the new legislation is broad-based covering 28 Member States, replacing the patchwork of individual legislation that was previously in place. This has given rise to concerns regarding the interpretation and its consequent implementation. A key feature of the GDPR is the vague nature of certain sections, allowing space for interpretation. Although a minimal amount of divergence at a local level is impossible to avoid due to the differences between Member States, it is important to reach a standard on common areas across the EU. If there is too much divergence between the Member States' applications, the full potential to unlock the benefits of the EU Digital Single Market will not be attained.

One example of differing interpretations is the concept of "legitimate interest pursued by a controller" in Article 6 (1f), which is one of six possible grounds for lawfulness of data processing. The definition of what constitutes a "legitimate interest" could vary considerably in different Member States. In this way, the GDPR could be likened to casting a dragnet covering a wide area but it means collecting a lot of unwanted material alongside the coveted targets.

The second issue is the importance of consumers trust, tied to the fundamental right to privacy. Citizens must trust in both businesses and governments, that valuable personal data will not be used for any purpose other than that which the data subject intended. The fundamental right to privacy yet presents an opportunity for businesses to ensure that the concept of "privacy by design" is embedded into any new product that enters the market. There is much to gain for businesses that manage to do this, as they can both demonstrate compliance with the regulation and create a competitive advantage at the same time. Microsoft for example, has understood this, with Vice President John Frank explaining that "our business is built on trust". The companies that provide the clearest proof of this stand to benefit the most.

Third and finally, these regulations unlock the benefits of a harmonized EU Digital Single Market. European Commission President Juncker declared to the European Parliament in 2014 that "if we are successful in implementing a real digital single market we, can generate 250 billion Euro of additional growth in Europe". The adoption of the GDPR is an important step in accelerating the trend for future e-commerce here in Europe. With the new rules in place, consumers and smaller companies will no longer face the complex and frequently conflicting rules that applied to cross-border transactions. In 2015, only 7% of SMEs in the EU participated in cross-border trade; we hope that the application of the GDPR will go some way towards raising this figure. Consequently, we will see trusting consumers flocking to purchase digital goods and services which will in turn see business flourish and States poised to reap the benefits in terms of growth.

However, the process will not be a ride in the park. The European Commission has perhaps been optimistic when it underpinned the proposal of the GDPR in 2012, with the explanation that the reforms would lead to administrative savings of 2.3bn Euro across Member States. According to the British Government's Impact Assessment, there would be a cost of compliance with the new regulation in the UK of between 100m and 360m GBP every year.

There is also the fact that non-compliance will result in fines of up to 4% of annual global revenue. The fact is that there could well be a cost to comply with the new regulation, as the EU makes a shift from having some of the most laissez-faire laws on data protection to having the most advanced laws in the world in this area. This is also not to even mention the effect of "Brexit" on the issues discussed here.

Popular in the Community

Close

What's Hot