Věra Jourová - Commissioner for Justice, Consumers and Gender Equality
Brussels, 5th Annual Data Protection & Privacy Conference, organised by Forum Europe
Ladies and gentlemen,
I am delighted to open this year's European Data Protection & Privacy Conference. My new portfolio of Justice, Consumers and Gender Equality puts people at the centre and seeks to protect their rights. But it is also a portfolio with clear links to the jobs and growth agenda of the Juncker Commission.
Data protection is one of my key priorities and an essential part of two of the 10 key priority projects of the Juncker Commission:
- creating a European Area of Justice and Fundamental Rights based on mutual trust; and
- the Digital Single Market.
The European Commission has been working for a strong, modern data protection framework for a while now.
My predecessor Viviane Reding – who will address you later today – fought hard to take the data protection reform forward. Together with my colleagues in the new Commission, I am determined to continue this effort and to make the reform a reality.
We Europeans are particularly sensitive about risks of mass surveillance and misuse of personal data, as a result of our history.
A high level of protection
At the same time, we face new challenges to privacy and data protection, mainly on the internet and social media. Today, 92 percent of Europeans are concerned about mobile apps collecting their data without their consent. And 89 percent of people say they want to know when the data on their smartphone is being shared with a third party.
These are not just statistics but individual experiences of many people. I have myself recently experienced how it feels when my personal data is misused on the internet – when I discovered that somebody created a fake Twitter account in my name.
We want a high level of protection for individuals; we want people to regain control over their personal data. Citizens need strong rights also in the digital age. Strong data protection rights that are effectively enforced are the only way to ensure people's trust in the internet, data flows, and new technologies in general.
Building a Digital Single Market
Trust is also a prerequisite for a Digital Single Market in Europe to exist and function properly.
The proposed Data Protection Regulation will do away with 28 differing national laws, and provide a single set of rules on data protection, valid across the EU. We will simplify things by removing unnecessary administrative requirements, such as notification requirements for companies, further cutting red tape and increasing legal certainty for businesses.
The reform will create a level playing field for Europe's digital industry: companies located in third countries such as the US, when offering services to Europeans, will have to play by our rules and adhere to the same levels of data protection as their European competitors.
Comprehensive and modern data protection rules would also inspire trust among consumers. People who trust that their personal data is protected will buy goods and services online. Clear and enforceable data protection rights will boost the digital Single Market.
The potential benefits of a Digital Single Market are enormous. But to make it happen, we need to adapt for new technologies coming on the market – like big data, cloud computing, the Internet of Things. These technologies, these investments will only come to the European market if we have sound data protection rules in place.
Right to be forgotten (Google ruling)
But restoring trust is not the job of the EU alone. Business also has a role to play. As a reaction to the recent ruling of the European Court of Justice on the right to be forgotten there have been accusations of "censorship".
In reality, the "Google ruling" does not give people the green light to have content removed from the web simply because they find it inconvenient. The ruling calls for a balance between the legitimate interests of internet users and citizens' fundamental rights. A balance that will have to be found in each case.
We should also remind ourselves that neither the Commission nor the Court have just invented the right to be forgotten. It already exists, in the EU Data Protection Directive from 1995. With the data protection reform, we update and clarify this principle for the digital age. We do this by making it clear that EU rules apply to all companies offering products and services to European consumers, no matter whether their servers are based inside or outside the EU.
The Article 29 Working Group further clarified recently that citizens' requests for de-listing results must apply to all dotcom [.com] domains, and not just search results at national level (such as google.be for example).
Like the Court's ruling, the aim of the data protection reform is a fair balance of rights: we want to empower citizens to manage their personal data while explicitly protecting the freedom of expression and of the media. We want to strengthen people's rights while creating predictable conditions for businesses in the Digital Single Market.
We therefore need to swiftly conclude the ongoing negotiations of this reform project and start implementing the new rules. The Italian Presidency has made very important progress, most recently at the Justice Council a few days ago. I now count on Latvia to take this forward and finalise discussions. Our aim remains to adopt the reform with the co-legislators in 2015 – as requested by the European Council.
International data flows
President Juncker's programme makes clear that we will also uphold the right to data protection in our external relations.
Among my key priorities is therefore to ensure that our "Safe Harbour" arrangement with the United States is really safe and that all EU citizens can enforce data protection also in US courts.
We are making some progress in this area, but there is further work to be done. I had an opportunity to discuss this with Kelly Welsh yesterday.
My aim is to improve the Safe Harbour arrangement, to make it actually safe for European citizens' data. But the suspension of the arrangement remains an option on the table.
One open issue relates to the access US national security authorities have to EU citizens' personal data. And I hope that we will soon get a robust response from the US on this.
We are also negotiating an "Umbrella" agreement with our American partners on data protection in the area of law enforcement. In this respect, the Umbrella agreement must eliminate a very visible discrimination, one which the US has recognised: the right of effective judicial redress should be granted by the US to EU citizens not resident in the US (i.e. ensuring that EU citizens not resident in the US enjoy the same rights as those enjoyed by US nationals in the EU today).
The US administration is discussing a draft bill with the Congress and the Senate. I now expect words and commitments to be turned into action.
Democracy, freedom, the rule of law and fundamental rights are core values of the European Union. And it is because I believe in those values that I'm prepared to defend them and fight for them.
Thankfully, the European Parliament recognised the significance of the data protection reform early on. It found a broad compromise, backing the Commission's proposals. Member States have taken more time because the positions were further apart. But they have now started to move closer together and to move forward.
At the European Council at the end of June, Heads of State and Government affirmed the importance of "a strong EU General Data Protection framework by 2015". It's not a minute too early. The world will not wait for us. And we shouldn't wait for the world to impose lower data protection standards on us. We should strive for a gold standard in data protection because we owe it to our citizens, and we owe it to our businesses.
If we want the Digital Single Market to take off, we need to put in place the right legal framework, and we need to do that now.