
Big data rights: Let’s get together



6 October 2016, by Giovanni Buttarelli

Last week, in partnership with our co-hosts, the European Consumer Organisation, BEUC, we brought together high-level experts from across a spectrum of policy areas to talk about the future of our freedom and privacy online. It was a full house of regulators, legal counsel, technologists and non-government organisations, and a full day of intense debate ranging between subjects as diverse as merger control, indigestible privacy policies and encryption. We also had over 500 people following the discussions via live webstream, with the recording available here.

It was an honour to include among our group of excellent speakers EU Competition Commissioner Margrethe Vestager and US Federal Trade Commissioner Terrell McSweeny. Each of these leading competition enforcers emphasised the potential for growth and competitiveness of data-driven technologies and groundbreaking business models. But they also recognised the growing importance of data in competition enforcement, the centrality of privacy protection to trust in web-based services, and the duty of regulators to work together to make sure that the online world develops in the interests of the individual and society.

Echoing one of the key messages in our opinion on Coherent Enforcement of Individual Rights in the Age of Big Data, Commissioner Vestager identified fairness as the uniting thread in the enforcement of competition, consumer and data protection rules. Discussions during the course of the day also confirmed the Commissioner's observations on the growing importance of personal data as a factor in digital sector mergers as well as for competing with dominant market players. 

We need to better understand the implications of concentrations for choice as well as privacy and other fundamental rights like freedom of expression and non-discrimination. These rights are also part of the offering of digital services, that is, part of the quality parameter in competition. There is huge potential for consumer law to complement data protection when scrutinising the terms and conditions of online services and analysing the effects of the Internet of Things on individuals, especially children and the most vulnerable. Data breaches, to repeat the striking analogy from Amanda Long, the Director General of Consumers International, will be tomorrow’s car crashes if we do not put in place the necessary safeguards now. We need to identify the persons to be held accountable for decisions resulting from the algorithms powering web-based services.

The EU has the expertise and resources to support the development of the next generation of services, to shape the so-called Fourth Industrial Revolution, in a sustainable way that respects and reinforces the values expressed in the Charter of Fundamental Rights and which are shared - though expressed differently - around the world. It was pointed out that the pioneers of the internet never intended such a concentration of personal information in a few hands. The take-it-or-leave-it approach to online terms and conditions is well past its sell-by date. Privacy policies, unfortunately, serve the controllers' interests rather than the individuals'. It’s time to redress the unfairness of the black box phenomenon, where companies aiming to know everything possible about the consumer shield their own internal processes and decision making.

The sad truth remains that the market isn’t delivering the privacy-enhancing services which people are entitled to choose. Personal data stores will be one way for the individual to reassert her control over personal data, and we were impressed to learn of the work the Japanese administration is doing to promote such decentralisation of data storage. I will soon be issuing an opinion on this topic. Another way could be supporting internet domains where individuals can be free from covert tracking. Implementing data portability and system interoperability will also be crucial, a point made by the Director General for DG Connect when he addressed our conference. But no single jurisdictional framework of law and regulation is enough to ensure such innovative disruption.

So our attention now turns to harnessing this energy and good will from all sides. Regulators need, as the Commission Director General for Justice and Consumers noted, to break out of silos, and for that, experts and NGOs need to keep up the pressure, highlighting cases of potential abuse and exploitation of consumers. We have launched a Digital Clearing House (DCH) for digital market regulators of all shapes and sizes. I was delighted to receive strong support from speakers as well as from enforcement agencies across Europe. We will be in contact very soon with each of these agencies to discuss how the network should work and how it can best add value and reinforce their existing activities.

My colleague, the Belgian Privacy Commissioner, said during his presentation that the DCH should be on every regulator's to-do list. As I said in my closing remarks, regulators need to get into shape. We should work together to look at the effects of our decisions on specific cases and reflect that in our forward-looking guidance documents. Same-sector enforcers have long realised the need for international cooperation, and legal reforms in recent years, as well as ongoing projects like the Network of Networks and contact between ICPEN and GPEN, are vital steps in the right direction. But in the post-globalisation age, the next frontier is not geographical but the legal fiction of separate jurisdictions. This is not a question of one enforcer stealing the clothes of another; they should work in tandem where there are breaches in more than one area and share knowledge of the fast-moving technology.

Clearly this is a subject generating great interest and I would encourage you to keep the ideas flowing, by using the Twitter hashtag #BigDataRights and keeping an eye on the Big Data page on our website as well as on BEUC.org.
