In the information society, efficient data protection has an elementary importance for nearly all areas of life. Nowadays, each individual citizen permanently move within a delicate balance between free data transfer and the necessary parallel protection of personal data. And although data protection in Europe is secured as a constitutional right, the latest technological developments in IT and the use of electronic devices in everyday business and private life demand a further strengthening of the right to informational self-determination.
Most users in Europe are themselves small mobile data centres with which they leave daily digital tracks. Through the use of mobile phones, tablets and car navigation systems we have access to data in the internet and to detailed geographical information anytime and anywhere. With our smart and bonus cards we make purchases online or save our movements in public local traffic. All this information about our actions in the digital world can be followed, logged and added to profiles effortlessly by others.
In this context the General Terms & Conditions that consumers are forced to accept in ecommerce must be viewed critically. Because without accepting the terms and conditions, willing online shoppers remain excluded from the blessings of these modern shopping applications. But who reads and understands these text wildernesses?
Security Authorities’ Surveillance Mania
To this comes the almost hysterical surveillance mania driven by national security authorities who scrutinise their citizens around the clock. You don’t even necessarily need to think exclusively about the most recent revelations concerning the NSA but for example about the innumerous CCTV (Closed Circuit TV) cameras in London City which were installed along with the congestion charge.
And then there are the leading social networks such as Facebook, Flickr or YouTube and the various Google applications in which millions leave a multimedia form of their personal stories. Last but not least come the increasing number of consumers and also companies who look towards cost-effective data saving in the cloud.
Trust in data protection has been unsettled
Spectacular data leaks, data losses and data thefts such as the recently announced hacker attacks on Sony’s online platform with access to 77 million user accounts or the saving of location data from radio networks by Apple without permission have further unsettled consumers’ and users’ trust in data protection. Not forgetting the identity theft by hackers in Adobe customer accounts. At Adobe masses of user IDs and encrypted bank card numbers were illegally extracted from the US software giant’s network. This incident massively shook up the users and sensitised them for security concerns and better data protection.
The European Union has been trying to fight against this for three years with a new EU data protection laws. In 2010 the new strategy was introduced for strengthening the EU data protection laws and in January 2012 the EU Vice Commission President and Justice Commissioner Viviane Reding presented the principles of the reform to the media and the European public. In September last year a detailed report followed by the commission to the European Parliament, council, economic committee, social committee and regional committees on safeguarding privacy in a connected world.
One of the central concerns of a European data protection framework for the 21st century is to achieve more transparency for users without restricting the possibility for free data transfer. The user should be returned the right to self-determine the exposure and usage of their data.
Each individual must be clearly informed as to which data is being collected, for what purposes and to whom this data is accessible. And the user must know what rights they have and to which authorities they can go if these rights are infringed upon.
In this context more transparency is particularly needed in social networks in order to give users a higher legal security surrounding the handling of their data. The same applies to cloud service operators. They should also declare where their customer data is stored. The EU Commission also want to force large non-European companies who are active in the European single market under the sceptre of a new data protection framework. Furthermore, in future there will be clear definitions of under what conditions data may be forwarded to authorities or security forces. Since according to the framework decision of 2008 the protection of personal data in police and justice collaboration in criminal cases should be specified.
With the aim of improved transparency for data handling, data storage and data forwarding, the establishment of a European cloud infrastructure and European consistent legal standards for cloud services is vital. Data and information managed in European data centres and server farms where customer access takes places via European data paths should feature the highest degree of security, reliability, integrity and availability. And a European jurisdiction to all aspects of cloud services should strengthen the user’s trust in this IT future model and enable a continent-wide, mass roll-out of services out of the cloud.
Collective European system of values
The demand for transparency shouldn’t be prevented at the technical or legal level. Anyone who passes on data to a third party in good faith for administration or whatever other IT-supported transactions in the electronic media should always know who they’re getting into bed with. This is why I consider the obligation for transparent activities essential. Each company should therefore be required to publish its accounts and make them easily findable.
A collective European system of values for transparency and fairness for customers would, in my opinion, improve the user’s trust in the internet market place and in cloud-based applications.
To cut a long story short I can only appeal once more to all responsible decision-makers in Europe to collectively implement the vision of the “United Clouds of Europe”. Now is the time to act as the legal course appears to be being set for the future of Europe’s IT.