Data trust hurt by US surveillance scandal
Trust needs to be restored and growth boosted, according to European justice commissioner Viviane Reding, who is pushing for agreement on the EU’s data protection regulation which has been on the table for the past two years.
Data protection and compliance is good for business, she said. The hacker attack on Sony that compromised the data of 77m people cost the company up to $2bn (€1.5bn) and damaged its reputation. She compared this with Hamburg that has a thriving data-sensitive gaming industry, and some of the highest standards in data protection globally.
A survey by the Cloud Security Alliance after the NSA revelations found more than half of those contacted hesitant to work with any US-based cloud service provider.
“Perhaps they had heard the warning given by Ladar Levison when he closed down his Lavabit email service: ‘I would strongly recommend against anyone entrusting their private data to a company with physical ties to the United States’,” she said.
The Information Technology and Innovation Foundation estimates the surveillance revelations will cost the US cloud computing industry between €16bn and €24bn over the next three years.
“This provides an opportunity for cloud providers who are able to deliver a higher standard of safety and security for data. Data protection will be the selling point, a competitive advantage,” said Ms Reding.
The revelations about the US collecting internet-based intelligence has damaged trust, especially in US companies. The data protection reform attempts to cover this by having non-European companies offering services in the EU having to apply EU legislation in full.
It sets out the conditions under which data can be transferred from a server in the EU to one in the US when it can be accessed by the NSA.
Around 90% of the public are wary of what is happening their data on their smartphone. Many know they have no control over the way their personal data is used, and when they disagree, do not understand, feel helpless and cannot act, trust evaporates, she told the annual European data protection conference in Brussels.
The answer is to design products in such a way that minimal personal data is collected and by putting individuals in control through the right to be forgotten, right to data portability and to be informed of breaches. The penalty for non-compliance will be up to 2% of a company’s annual global turnover. Cloud providers are also covered.
The new regulation will also unite the digital single market in the EU which is currently fragmented with each country having its own set of rules. Each will continue to have a national data protection authority but greater co-operation between them.
The US has similar problems to the EU, with no single federal law on data protection and a maze of state regulations offering varying degrees of security, and the White House has said it will work with the House of Congress to produce a privacy bill of rights.
However, said Ms Reding, data protection will be outside the scope of the trade negotiations, and once a single set of rules is in place in the EU, the US will be expected to produce the same.
CONNECT WITH US TODAY
Be the first to know the latest news and updates
