To come straight to the point: Yes, the European data protection reform will be better than the Directive of 1995. However, the truth is also the following: this structure is no longer the right response to the digital revolution which is increasingly invading our privacy, even threatening it and changing the digital world. It has missed the obvious objectives: the necessary course towards the protection of our privacy and meanwhile, a ‘welcome culture’ towards a digital and data-driven era.
More than any other technology revolution, digitalisation has changed our social and work behaviour, our means of communication, future competitiveness, law enforcement, property rights, copyright laws and the fundamental right to data protection. The importance of data has changed fundamentally since the eighties. Back then it was about the simple processing of data to easily find, change and archive information. A simple piece of data remained a simple piece of data. Today, relationships between accumulated data are made and processed so that one’s whereabouts, interests, feelings and behaviours can be read. It is thus possible to predict how an individual behaves, how he chooses, whether he lives healthily or what kind of potential lies dormant within him.
The interconnection of these results with the data of other persons or with the environment, health or social data brings forth completely new insights and business models today. In other words, data and its far-reaching analyses have become big business which generates growth and prosperity.
This technological advancement challenges all extensive previous business models. Even if one rejects this development, he/she cannot escape it. This would be economically fatal, as global economic competition will increasingly align itself with these technological competitive advantages, otherwise irrelevance threatens.
Today, data must fulfill multiple purposes of which a person in the eighties could not possibly imagine. This involves, firstly, the protection of our privacy, secondly, our economic survival and competitiveness, and thirdly, an appropriate and also necessary combat against terrorism and crime through intelligence or law enforcement agencies.
Pressure to adapt legislation to the rapidly-changing data-driven era
The pressure to act is great because the change is taking place so rapidly. This is especially true for the policies and decisions of the Supreme Court. The ‘safe harbour’ decision of the European Court of Justice (ECJ) was right for the revision of the mechanism for transatlantic data exchange, however, subsequently very wrong because it essentially means that a legal data transfer can take place in the United States only when their national security conforms to European data protection standards.
Now, if the highest European and national courts enter a competition in relation to who brings forth the best fundamental rights for data protection and do not represent the changing realities, Europe will lag behind in this technological development. It will only survive if it can adapt to change. Therefore, the courts must try to bring together the changed relationship and meaning of data in accordance with the fundamental right to data protection.
The same applies to politics. However, politics relating to data protection are currently the biggest problem. We are encouraged, as legislators, to find a new approach and to respond to the data revolution. Unfortunately we will not succeed in this reform given our current level of knowledge. The reason for this is that we have adopted the data protection structure of the last century. The ‘disruptive thinking’ has not yet found a sufficient sediment amongst the political decision-makers and certainly not with the ideologically predisposed who want to protect us all from the ‘evil world’ of data processors.
The type of privacy we knew a decade ago will have no place in the future. It will be affected by the data that we produce ourselves and that we provide for others.
Europe’s economic future is data-driven
Ever since the so-called Big Data Applications with the massive public exposure regarding inappropriate data usage, one should have realised that this structure no longer corresponds to the reality of data protection. I was, up to this point, of the opinion that we could prepare a good data protection reform. This has now been reversed.
Big Data is not fundamentally incompatible with data protection, yet it is in a sense an antidote to many data protection principles previously applied. We could not forgo Big Data because otherwise we would shut ourselves out of a development that has already begun worldwide; because of the pursuit of the individual and the economy for self-optimisation, for example, in the health-medical field, the use of Big Data is simply required because the free flow of data and the analysis of Big Data applications develop the potential for new economic opportunities.
It must be the task for a new European data protection law to combine the challenges of an economic, data-driven future with the protection of privacy! But for that we must create easy access in the form of pseudonymous data, in connection with data trustees and ‘opt-out options’ that allow for massive data processing, including data linkage and also personal data. In doing so, the rights of individuals should not be affected, but also not, as the main criteria, demands for consent and information duties in the foreground.
However, greatly determined efforts have been made to limit the usage of a new and necessary data category upon a data protection technique. However, a data category such as pseudonymous data could better protect individuals and at the same time allow Big Data applications to be adequately protected. With more creativity, the EU could become a role model and could prove that it is possible to align the globalised digitisation of people to the framework of an ‘analogue’ of fundamental rights-related values. Even the economy currently fails to revolt loudly or massively - it too will miss its chance!
If not here, where else is a revolution taking place that is crying out for adaptation and advancement? I am convinced that future-oriented data protection must protect privacy. But this will not succeed with the criterion of compliance because the individual will comply wherever he expects an advantage in everyday life. Thus, the power of fact will make data protection superfluous in many important areas by undoubtedly, the self-optimisation of individuals. Therefore, technological development penetrates into our home domains without further limitations. And what's worse: this type of data protection in its old structure is the death of our privacy!