The European Commission (EC) is considering changes to its digital privacy regulations that would constrict cloud computing and slow or limit the flow of data across its borders. Many of these regulations would stymie the global knowledge economy without addressing privacy concerns head-on.
A Sunday New York Times article explored reactions to these new privacy proposals. Anna-Verena Naether, policy manager for DigitalEurope cautioned, “We have to make sure it doesn’t lead to a Fortress Europe approach.” Cameron F. Kerry, the general counsel of the United States Commerce Department, underscored her message, warning that walling off cloud computing in Europe would threaten transatlantic trade:
“It would be a sad outcome of the surveillance disclosures if they led to an approach to Internet policy-making and governance in which countries became a series of walled gardens with governments holding the keys to locked gates.”
“But that is where we will end up if all data has to stay on servers located in the nation in which a citizen lives or where a device is,” he said. In his view, the regulation might restrict the flow of information among citizens, as is the case in China with barriers that are called the Great Firewall. “The digital world does not need another Great Firewall — in Europe or anywhere else.”
Limiting the transfer of data as a backdoor way to control government surveillance is self-defeating and counterproductive. It distracts from real measures that might protect citizens from overly intrusive government surveillance.
So how can the EC protect and secure personal information and privacy while continuing its role as a player in the digital economy? First, the Commission should be careful in crafting data privacy and cloud computing regulations, resisting the urge to impose onerous regulations that would effectively make Europe into an innovation-free zone. Second, it should maintain trust in the U.S.-EU Safe Harbor framework, which allows for the transfer of information from the EU to the U.S. for participating companies—abolishing this critical framework would actually weaken the ability of U.S. regulators to enforce compliance with European privacy laws for participating entities. And third, the Commission should continue to rely on additional mechanisms for accountability including contracts, binding corporate rules, codes of conduct, and other enforceable commitments.
There’s a lot at stake. London’s Center for Economic and Business Research predicted in 2010 that cloud computing would create 2.4 million jobs in France, Germany, Italy, Spain and the UK by 2015. Putting burdens on the commercial transfer of information could seriously limit that growth.
Protecting privacy and data security is a critical objective for the EC. But protecting those 2.4 million jobs should be a key objective, too. The European Commission should take a big-picture look at its data policies, and find proactive ways to protect privacy that won’t block Europe’s ability to compete in the global knowledge economy.
Laura Greenback is Communications Director at SIIA.