Tip:
Highlight text to annotate it
X
MALE SPEAKER: And welcome to this seminar jointly organized
by the Center for European Policy Studies and Google on
the topic of online privacy.
We are a bit late already on schedule because I think food
was abundant and good.
And I hope you enjoyed it.
And I also was struck by the demonstration I got on
Google's personal history search and Book Search.
So we already have a lot of fun, now it's time to discuss
the serious things.
And let me just express gratitude to all of you who
have come to listen to this seminar.
I think that the topic is really hot and interesting.
We're going to hear different views from different speakers
that work on these issue.
Online privacy is becoming very interesting also for the
areas that are covered by the Center for European Policy
Studies increasingly.
We are a generalist think tank and we work
mostly on European issues.
But increasingly, we do work on global ICT policy issues
and innovation research, competition policy, privacy
issues, and everything that is linked today what we call the
digital era in particular.
So we are very happy to be teaming up with Google, one of
the key players in this field, to hear the views about what
is becoming a key issue not only from a user perspective
but also from a business perspective and for the
policymakers who are probably increasingly facing
difficulties in trying to find out how to deal with privacy
issues in the online world.
So I will not comment further on this because we have three
very authoritative speakers.
First of them to take the floor will be Peter Hustinx
who needs no presentation but I will introduce him anyway.
He's a European data protection supervisor, so is
probably Mr. Privacy in Europe.
And so we are very happy that he accepted
our invitation, Peter.
And I'll leave you the flour.
Thank you.
The format of this conference, just to clarify, we plan to
have short opening statements of around 10 minutes.
But then we expect reactions from the floor, so we expect a
very lively reaction from you.
So every question that pops up, take note and please react
at the end of the rounds of first speeches.
So Peter, thanks.
PETER HUSTINX: Thanks to CEPS.
I'm delighted that this is not a subject I'm competent to
deal with under supervision.
But it is highly relevant in the advisory context and
that's how I approach it.
Let me first say very clearly that I have no shade of doubt
in my mind that privacy in the digital age is becoming more
relevant instead of less relevant.
And that applies to offline and online alike.
This is because it is a fundamental human need, it's a
fundamental right, it makes a lot of business sense, and so
forth and so on.
And so we simply have to deal with it.
I do not subscribed to those who say, no
privacy, get over it.
I do not buy that at all.
I think that is a narrow vision.
It's ill-informed.
So that's where I start from.
Then before we have to discuss reconsidering policy options,
let alone changing present approaches--
of course, the world is changing, so some change is
involved-- we have to consider what the
existing framework provides.
Let me just briefly make a number of points.
We have in Europe a legal framework
which is in the directive.
It applies to all actors with an establishment in Europe
wherever they act.
And it applies to all actors which use means in Europe,
wherever they act.
So that's pretty global to start with.
That is, rules of jurisdiction provide attachment points.
That's the General Directive 95/46.
We have on top of that some provisions, some additional
rules on providers and networks, but that's the
existing rules.
And I want to make the point that that kicks in a very
large part of what we're talking about because this
doesn't happen just as nature happens.
Even climate change is something we can
react on and act on.
But this is done, this is organized, its architecture
structured by people, real people, real companies.
So we can also deal with whatever happens online.
Now, in brief point, this is not Europe alone.
There is an increasing number of French speaking or Spanish
speaking countries around the world which are acting along
these lines.
But we also see a surprising overlap in substance with OECD
principles which are being reconfirmed over and over
again and applied in different parts of the world ranging
from Canada to New Zealand and Australia.
And we look at the APEC framework, it's also
interesting, that is a very pragmatic approach to allow
some late starters to step in.
But of course, countries like Canada, Australia, New Zealand
didn't want a bit to give way from what they were doing for
their citizens.
In fact, it gives additional protection when Australian
data moved to Vietnam, et cetera, et cetera.
So I see a very great overlap.
And the emphasis in these existing principals then is to
make them work, to implement them, to just
take them into account.
And part of that is also enforcement.
So the present emphases--
this is a commission position which I fully support--
let's put the energy in making it work better.
Part of that is just facing consequences.
So I'd like to see some action.
And I should mention to you that just these days this
morning, the 29 group-- you know the jargon, the
regulators group, privacy in Europe, are discussing search
engines as an interesting subject.
And they have planned to finalize a
report, say, early 2008.
That's probably the first quarter.
Now, that's where we are with existing framework.
This is not a void.
There is substantial guidance and it needs to be applied.
And we have an experience also of important players who have
found it important to comply even if they were not to the
fullest subject to this jurisdiction.
So this is a relevant jurisdiction.
And I'd like to see some compliance.
In terms of future framework, let me also say that change is
unavoidable, but it shouldn't take the energy now.
We should at least not take away from implementation.
But I would expect some five years down the road, we need
to see some changes in the existing framework.
Where?
Not in the principles, although some parts perhaps
need to be revisited.
My emphasis would be we need more flexible arrangements to
make it work better, to make it more effective.
That is, maybe the administration around this
could be simplified.
Not to free space, but to make protection more effective.
So I was thinking of developing--
that's an interesting idea from the APEC framework.
I'm quoting it all the time.
That is the accountability principle.
So if we can make important players accountable wherever
they act, that's very much in line with what we already
have. I think we could enhance that.
And that accountability goes with responsibility and
liability, no doubt.
I would like to see some real privacy enhancing technology
deployed on the net, because that is the architecture we
need to have this online privacy safe and dependable.
I'd like to also see some possibilities for legal
action, not only to persons involved, person affected, but
maybe also other actors.
Maybe in the commercial marketplace, they could act to
protect privacy because they're investing in privacy
which is so important on the net.
Don't make this a monopoly of data protection authorities.
I'd like to see some investment in third-party
quality control, auditors and things like that, to
demonstrate that all this architecture is indeed
deployed and working.
Finally, two final points.
I still think that data protection authorities have a
crucial role in that context, but they
need to be more selective.
They need to be able to concentrate on main problems,
have heavy sanctions if things go wrong.
Courts will also be involved.
Some colleagues have a big problem in being too
straitjacketed in their legal frameworks.
And finally, I think we need to inform users very much.
Some of them are terribly naive, and we need empowered
users which are able to protect their rights.
And then we have a system of more diversity which is really
challenging.
And I think it will face the need for more differentiation
in the future.
And we'll see then that privacy is going to be a key
issue on this online, also offline, world of ours which
is developing into digital age.
That's my starting comment.