Will the European Data Protection Regulation protect us from spying?
In the EU, the PRISM scandal has led to a stronger impetus for the upcoming Data Protection Regulation. But will this new legislation have the desired effect?
During the past few months we have heard shocking revelation after shocking revelation about government spying activities. In particular programmes such as PRISM that are run by the NSA have angered EU citizens and politicians. Not in the least because a different privacy standard is applied to US citizens than to the rest of the world. In short: according to the US government, American citizens have a little bit of privacy, but the rest of the world definitely has none.
In the EU, the PRISM scandal has led to a stronger impetus for the upcoming Data Protection Regulation. European Justice Commissioner Viviane Reding has used PRISM to promote the Data Protection Regulation in the EU Parliament, stating: "This case shows that a clear legal framework for the protection of personal data is not a luxury or constraint but a fundamental right."
However, it is most likely that the EU Data Protection Regulation will do nothing to curb government spying activities in the EU or the rest of the world. The first reason is simply because the Regulation does not deal with this topic: it regulates the use of personal data by companies and government bodies, but topics such as national security and law enforcement are not covered by the Regulation. But even if this were the case, I highly doubt whether non-EU countries would comply with such rules.
Personally, I think a legislative solution is only a (very) small part of a solution. I think that we should accept the reality that countries spy on each other (this has been the case for thousands of years). Rather than trying to protect us via symbolic gestures such as strengthening EU data protection legislation, EU politicians should be realistic and pragmatic and find practical solutions to defend us from spying by foreign powers.
One pragmatic solution would be to become less dependent on foreign technology and services. As it stands, we Europeans are making ourselves extremely vulnerable to foreign spying because of our strong reliance on foreign technology and foreign companies. For instance, we Europeans have come to expect cheap phones full of free software and services. This cheap phone is manufactured in China (often under appalling working conditions), and loaded with free software and services from the vibrant US tech sector. Is it then such a big shock that both China and the US use this same device to spy on our activities via built in backdoors?
European security experts such as Mikko Hypponen argue that we need a stronger European tech industry and I tend to agree with them. Having a European stronger EU tech sector might kill two birds with one stone: it will strengthen our privacy and it will make our European economy stronger.
But if this is a realistic scenario remains to be seen. In any case, the new Privacy Regulation will not aid this cause. On the contrary, it might even be counterproductive. With fines of up to 2% of the annual turnover of a company for violations of the Data Protection Regulation, the European continent might become a very risky place for innovation. Making the EU even more dependent on innovations developed in other countries.
It is ironic that the very tool intended to strengthen our privacy might end up weakening our privacy.