Sat, Jul 14, 2018 - Page 8 News List

EU needs data protection partners

By Vera Jourova

The Facebook-Cambridge Analytica scandal has made us realize how important strong data protection rules are for society as a whole, including for the very functioning of the democratic process.

These and other developments have shown that the protection of privacy, as a central individual right and a democratic imperative, but also as an economic necessity, is crucial: Without consumers’ trust in the way that their data are handled, our data-driven economies will not thrive.

The EU General Data Protection Regulation (GDPR), entering into application on May 25, is the EU’s response to these challenges and opportunities. It seeks to create a virtuous circle between better protection of privacy as a fundamental right, enhanced confidence of consumers in how the privacy and security of their data are guaranteed, in particular in the online world, and economic growth.

While building on foundations that have been in place for more than 20 years under a 1995 directive, the GDPR contains important innovations. Many of these changes are particularly relevant to Taiwanese and other foreign companies doing business in Europe.

Such companies will now offer their goods and services in a harmonized and simplified regulatory environment. Instead of having to deal with 28 different data protection laws and 28 different regulators, one set of rules will apply and will be interpreted in a uniform way throughout the continent.

Obligations to notify data processing operations or obtain prior authorization from data protection authorities will be scrapped. A number of key concepts are clarified and adapted to the needs of the digital economy. International data transfers from the EU will be simplified and facilitated. All this will mean increased legal certainty, and a significant reduction in compliance costs and red tape.

The GDPR is also based on a modern approach to regulation that rewards new ideas, methods and technologies to address privacy and data security. The principles of data protection “by design” and “by default” will create incentives to develop innovative solutions from the earliest stages of development.

The so-called “risk-based approach” means that companies that limit the level of risk of their processing operations will not be subject to a number of obligations. Coregulatory tools, such as codes of conduct and certification mechanisms, are introduced to help companies managing and demonstrating compliance.

Last but not least, new rights and safeguards, such as the right to portability or the notification of data breaches, will put individuals in better control of their data.

Empowering consumers also means ensuring that they feel safer and more confident when sharing their data. These are just a few examples of how the effective protection of a fundamental right can go hand in hand with unleashing the full potential of the digital economy.

These developments are of course not limited to Europe. Today, more than 120 countries, from almost all around the globe, have data privacy law in place. Taiwan has also adopted a data privacy law.

Many of the new, or modernized, laws tend to be based on common elements: comprehensive legislation (rather than sectorial rules), a set of enforceable rights and setting up an independent supervisory authority, among others.

This story has been viewed 2962 times.

Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. Final decision will be at the discretion of the Taipei Times.

TOP top