Data Protection in Europe – A Meeting with Viviane Reding

Today I joined a number of representatives from other European social networks at a meeting with the Vice President of the European Commission, Viviane Reding. The reason behind the meeting was the proposed reform of the EU’s data protection rules recently published by the Commission which is aimed at standardizing data protection legislation in Europe and introducing a number of changes to the status quo.

The main topic from my perspective was the introduction of a level playing field for everyone as the proposed reform clearly stipulates that anyone who offers services to users in Europe has to adhere to the same European data protection laws. This would be a major step forward from the current situation in the EU where each country has its own data protection legislation in place. This is compounded by the fact that a lot of non-European companies, particularly US-based businesses, claim that German data protection laws cannot be applied. This then leads to unfair competition as German providers are forced to comply with strict German legislation whereas American providers can be far more liberal in their approach, which in turn gives them a competitive edge. This is of course to the detriment of users who rely on these strict German data protection laws and are unfortunately not aware that they do not apply to providers based abroad. This needs to change, which is why I’m a clear supporter of the proposed reform put forward by the European Commission.

Having said that, several details still need to be clarified. The reform grants every user a “right to be forgotten”, for example, meaning that users can contact a provider and demand their data be permanently deleted. In principle this is a good thing, but the scope of this right is still unclear. Does it mean that users can demand to have blog posts, comments and other similar interaction deleted as well? That really doesn’t make much sense! Fortunately Ms. Reding proved to be very open to discussion and was more than willing to take our comments and concerns on board. We will of course maintain contact with her in order to monitor the situation.

There is still one fundamental problem that needs to be solved, and that is the matter of how data protection in Europe should be handled at grass-roots level. At the moment providers in Germany are not allowed to process data unless users provide their express consent. The proposed EU-wide legislation would not change this situation, which is known in Germany as “prohibition pending approval”. This principle applies to weapons handling and games of chance, for example, but can it also be applied to data processing? I don’t think so because data in the 21^st century is a raw material that forms the basis of great products and services. Subjecting data processing to prohibition pending approval is an anachronism. Besides, a number of alternative concepts have already been discussed and put forward, so it’s time that political decision-makers take up the gauntlet and get involved!