Data governance: a forum on Europe’s specificity (or the need for one)

Dr Francesca Musiani, Center for Internet and Society (CIS), National Centre for Scientific Research (CNRS), Paris, France, francesca.musiani@cnrs.fr

PUBLISHED ON: 10 Dec 2014

Monday 8 December was a good day for Isabelle Falque-Pierrotin, wearing the “double hat” of President of the Commission nationale de l’informatique et des libertés (CNIL, the French Privacy and Data Protection Commission) and President of the “G29”, the gathering of data protection agencies of all EU countries. At the UNESCO headquarters in the heart of Paris, she was the host of the European Data Governance Forum (EDGF) – an assembly of experts seeking to advance reflection on one of the most pressing issues of our digital times, the governance of personal data. The four round tables at the forum examined the extent to which, and the ways in which it is possible to reconcile the speedy pace of today’s technological innovation, the centrality of personal data for the digital economy, and the increasingly developed capacity of actors both public and private to profile and monitor individuals – with particular attention paid to the ethical and legal dimensions of personal data collection and use by third parties.

2015, the “Europe of data” year

2015 is likely to be a crucial year for the “Europe of data”, as both Falque-Pierrotin and French Prime Minister Manuel Valls mentioned at the conference’s opening. The General Data Protection Regulation adopted by the European Parliament will be discussed by member states in the coming months, and several ongoing international negotiations, from the “safe harbour” to TTIP, are related to the circulation and the protection of data. While Valls reaffirmed, albeit in general terms, several principles – including the creation of a reinforced right to be forgotten for minors, the right to data portability, the simplification of terms of use, and a more transparent framing of state-driven data collection – Falque-Pierrotin admitted that an ethical framework is “difficult to build”. This said, she recognised the urgency of offering one in our times and the necessity to “innovate” from a juridical standpoint. The G29 Declaration on Data Protection, approved on 25 November and presented at the end of the conference day, aimed at crystallising common values among European data protection agencies and making proposals that would fuel national and European discussions. The sixteen articles of this declaration underline two things: on the one hand, they emphasise European privacy-related values, and how they may not be suitably protected unless Europe hosts its own data (by promoting European services); on the other hand, they strongly oppose “secret, massive and indiscriminate” surveillance, be it state- or private sector-led.

Trust, at the root of data-driven business models

These two principles were illustrated by several speakers during the EDGF, whose presentations centered on the notion of trust as a possible business model for European-based services. Cozy Cloud CEO Benjamin André pleaded for the “restitution” of data as a lever of trust, and advocated the re-decentralisation of the web as a true alternative to the super-powers of its “giants”; StartPage Development Director Alex Van Eesteren called for a simplification of encryption and search protection techniques, so that better privacy-enhancing tools may be made as easy and comfortable to use as a passe-partout Google account.

For too long, have citizens been excluded from the debate, said Privacy International head Simon Davies. That is bound to change with initiatives such as Code Red, which is to be launched in Brussels in mid-January – a set of proposals for “citizen empowerment” when it comes to digital security. Max Schrems, the initiator of the Europe vs. Facebook collective lawsuit, compared Facebook’s line of behaviour related to personal data to that of a driver who is not afraid of what will happen to his car if he parks it in the middle of the street: “shouldn’t the giants be afraid of getting a fine as well?” he asked.

Overall, the notion of privacy – the forum seemed to say – is not dead yet; indeed, Europeans have never been keener to acquire or regain control over their data. The two principles stated by the G29 declaration – Europe “mastering its own data” and condemning surveillance – are likely to keep informing discussions about (European) data governance in the close future. Personal data protection – suggested Isabelle Falque-Pierrotin – is ultimately as much an issue for individuals as it is for the future of sustainable democratic models.

Add new comment