Ask a person what they know about data protection, and their answers will vary. Some will mention Big Tech scandals like the one with Facebook and Cambridge Analytica. Others will reference the General Data Protection Regulation (GDPR), subsequently admitting that their only encounter with it was on a meditation app in an episode where the GDPR is read aloud to lure users to sleep. The more pompous might flaunt the term “Brussels effect” to describe the non-monetary EU export-product that is the global impact of the GDPR. Yet, beyond this Big Tech, snooze-inducing, market perception of data protection lies a field of law that is only beginning to make its mark on the world.
Forty one years ago, on the 28th January 1981, the Council of Europe opened its data protection convention, known as “Convention 108”, for signature. It became the first legally binding international instrument in the field of data protection, ensuring the right to data protection for all individuals in its Member States. Forty one years later, the 28th January has become the annual “Data Protection Day”, and today over 120 countries have adopted legislation securing the rights to data protection and privacy. This day is therefore an annual chance to promote and discuss the growing importance and relevance of data protection.
Daily encounters with data protection have skyrocketed over the last few years, consider the hundreds of daily cookie banners you see on websites, or the questions you might have asked regarding the limits to our fundamental rights and freedoms during the pandemic. Beneath this emerging collective awareness of data protection, and amidst its varying associations and perceptions lies a fundamental right, a human right of growing importance to our future.
Enshrined in the EU Charter of Fundamental Rights, the right to data protection rests on an equal footing with other fundamental rights, such as the right to freedom of expression or the right to life. But, with such monumental status also comes the expectation that Member States will ensure its highest level of application and respect. In the EU, such oversight on data protection issues takes place at national level.
Each EU Member State has its own independent public authority, known as their data protection authority, which is responsible for overseeing and enforcing data protection laws. Recent enforcement actions by such authorities have garnered media attention for their hefty monetary penalties, such as Luxembourg’s €746 million fine against Amazon, or Ireland’s €225 million fine against WhatsApp. The EU institutions too have their own data protection authority – the European Data Protection Supervisor, whose office is located nowhere but in Brussels itself. This is also where all national data protection authorities meet to discuss common challenges and forms of cooperation.
Brussels has always been a birthplace for discussions on important issues and innovative ideas. Some of them, for better or for worse, have gone unimplemented. Those that were implemented often concerned situations of great gravity, affecting the lives of millions of EU citizens, or contributed to the ever-growing integration of the EU and its common standards. Recent proposals by the European Commission on the so-called Digital Markets Act and Digital Services Act exemplify an increasing need to turn our attention to our wellbeing in the digital world. Not only are our current standards being tried and tested by the immense technological boom worldwide, but so are our abilities to cooperate on digital issues that span the remit of multiple jurisdictions.
To bring this dialogue at the forefront of consideration and to strengthen the role of Brussels as a source of future-looking ideas in the digital context, the European Data Protection Supervisor announced a conference scheduled for 16/17th of June 2022.
The conference, titled “The future of data protection: effective enforcement in the digital world”, will bring together global stakeholders from the digital regulatory sphere to discuss digital governance and strategy. It will explore how differing governance models, like the one of the GDPR, can interact and interplay with other digital regulations, taking into account respective strengths and weaknesses. To its conference, the European Data Protection Supervisor intends to invite all, in order to spark a genuine conversation across demographics about a fundamental right that affects everyone.
Such plans to lead this dialogue are not the only ambitions of the European Data Protection Supervisor this year – it also plans to rename its Brussels headquarters the “Data Protection House” in order to promote an inclusive space accessible to all citizens that can foster debate, artistic creation, and scholarly exchange. Central to the project is also the need to encourage digital sovereignty and solidarity, and uphold European values in a way that makes data work for people all across Europe, especially the most vulnerable. Part of this goal is to support European privacy enhancing technologies, and other diverse legal tools to foster a fairer and more sustainable digital Europe.
At the heart of these efforts is the notion that our fundamental rights and freedoms cannot be taken for granted – we must continuously work together to defend and preserve them. Data protection authorities across Europe all strive towards this goal, but we cannot achieve it without the voices of the people we proudly defend. Data Protection Day serves as a global reminder to continue to stake our claim as advocates for the fundamental rights to data protection and privacy, because they are cornerstones of individual freedom and democracy.
It is clear that when people are asked about data protection, their answers will vary. The diversity of opinions and the frequency of their discussion point to the fact that data protection is becoming an integral part of our digital future.
On Data Protection Day, the European Data Protection Supervisor is hopeful for a future where the right to data protection is firmly upheld and supported. We hope you will join us on our mission to achieve this vision.
For more information about the European Data Protection Supervisor and its work, visit the EDPS website here.