EC calls for single privacy law to protect €1tn worth of data from PRISM snoops

18 Sep 2013

Europe needs new cross-national data protection laws to counter the ongoing backlash against businesses following the PRISM revelations that rocked the world earlier this year.

Vice-president of the European Commission and EU commissioner for justice, Viviane Reding, made the call to arms during a speech in which she claimed the region's economy will suffer unless new uniform data protection laws are created.

"Trust in the data-driven economy, already in need of a boost, has been damaged. This is a source of concern because of the potential impact on growth. Collected, analysed and moved, personal data has acquired enormous economic significance. According to the Boston Consulting Group, the value of EU citizens' data was €315bn in 2011. It has the potential to grow to nearly €1tn annually in 2020," she said.

"Trust has been lost in all these spying revelations. They are particularly damaging for the digital economy because they involve companies whose services we all use on a daily basis. But trust in the data-driven economy began to fall long before the first NSA slides were published. The data protection reform proposed by the Commission in January 2012 provides a response to both these issues: to Europeans' concerns about PRISM as well as the underlying lack of trust."

The NSA's PRISM campaign was revealed earlier this year, when ex-CIA employee Edward Snowden leaked a number of classified documents to the media. The documents showed the NSA was gathering vast amounts of customer data from numerous big-name companies including Google, Yahoo, Facebook and Microsoft.

The EC commissioner cited recent estimates of the damage caused to the US cloud computing industry following PRISM as proof of her claim. "The economic impact of these doubts has now been quantified. The Information Technology and Innovation Foundation (ITIF) estimates that the surveillance revelations will cost the US cloud computing industry $22-$35bn in lost revenues over the next three years," she said.

Reding said the incident proves the need for four key changes in European governments' approach to data protection.

"First, territorial scope. The Regulation makes clear that non-European companies, when offering goods and services to European consumers, will have to apply the EU data protection law in full. European rules should apply from the moment of collection to the moment of deletion of the data.

"Second, international transfers. The Regulation establishes the conditions under which data can be transferred from a server in the EU to a server in the US. It is the transfer of data outside the EU which brings it within the reach of the NSA," she said.

"Third, enforcement. The new rules provide for tough sanctions (up to two percent of a company's annual global turnover) to make sure that companies comply with EU law. At the moment, when confronted by a conflict between EU and foreign law, foreign companies have no reason to hesitate. In future, they will think twice.

"Fourth, processors. The Regulation includes clear rules on the obligations and liabilities of cloud providers who are processors of data. As PRISM has shown, they present an avenue for those who want to access data."

She said that, as well as restoring customers' trust in businesses, the reform will help boost Europe's digital economy by making it easier for companies to ensure they are compliant with data protection laws.

"Take a look at Europe's current regulatory framework from a business perspective. It is no longer fit for purpose. It is fragmented and it is complicated. I say fragmented: a business operating in all 28 member states has to comply with a different set of rules in each country. It has to deal with a different data protection authority in each country. The reality is 28 different laws and 28 different interlocutors," she said.

"I say complicated: the current rules – a directive which dates back to 1995 – are 12 pages long. But they are implemented differently in 28 countries. In Germany, for example, the current federal data protection law is 60 pages long. Take those 60 pages and multiply by 28 member states. Then you'll get an idea of what the term 'regulatory complexity' means in practice. A mountain of red tape which has an enormous cost."

The European Commission is one of many political bodies to criticise PRISM. The European Parliament approved plans to launch its own investigation into the US's PRISM cyber snooping programme.

Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
