Europe wants to conquer the world all over again.
Only this time, its killer app isn’t steel or gunpowder. It’s an EU legal juggernaut aimed at imposing ever tougher privacy rules on governments and companies from San Francisco to Seoul.
When the region’s regulators roll out the changes — known as the General Data Protection Regulation, or GDPR — on May 25, it will represent the biggest overhaul of the world’s privacy rules in more than 20 years.
The new regulations offer EU citizens sweeping new powers over how their data can be collected, used and stored, presenting global leaders outside the 28-country block with a stark choice: bring their domestic laws in line with the EU’s new rules, or risk being shut out of a market of 500 million well-heeled consumers.
“Data protection is a good example of Europe trying to extend its influence over other countries,” said Christopher Kuner, co-chair of the Brussels Privacy Hub at the Vrije Universiteit Brussel. “Call it the ‘Brussels Effect.’”
For many countries, the choice is a no-brainer. Breaking commercial ties with the world’s largest trading bloc is unthinkable, and failing to comply brings the risk of hefty fines — up to €20 million or 4 percent of global revenue, whichever is higher — for any company with European customers that mishandles data.
In response, legislators worldwide are scrambling to update their domestic legislation to bend to Europe’s privacy rules. The data revamp will allow EU consumers to pull their data from a company at any time, force businesses to alert customers within three days if their data is hacked and let people move information to rival services at a drop of a hat.
The “Brussels effect” is mostly manageable for advanced economies like Japan, which last year set up an independent agency to handle privacy complaints to conform with Europe’s privacy standards during negotiations for a new Japan-EU trade deal.
But for emerging countries, the cost and administrative burden of applying the EU privacy standards can be daunting. In countries like South Africa, whose domestic legislation is primarily based on Europe’s rules, the upcoming data protection changes risks being viewed as yet another diktat handed down by former colonial powers in a form of “data imperialism.”
“Any country that’s not working toward these standards is left out in the cold,” said John Giles, managing attorney at Michalsons, a law firm in South Africa. “GDPR has long tentacles.”
Falling into line
For years, Europe has served as the world’s privacy police officer.
Since the mid-1990s, EU policymakers have rolled out a series of data protection rules that quickly became the de facto global standards for most countries except for a few holdouts like China, Russia and the United States.
But, as companies like Google, Facebook and Amazon vacuumed up more of people’s private information, European lawmakers upped the ante, intent on setting a new bar for data protection worldwide.
“We want to set the global standard,” Věra Jourová, the European commissioner for justice, told POLITICO last year. “Privacy is a high priority for us.”
by Mark Scott and Laurens Cerulus, Politico | Read more:
Only this time, its killer app isn’t steel or gunpowder. It’s an EU legal juggernaut aimed at imposing ever tougher privacy rules on governments and companies from San Francisco to Seoul.
When the region’s regulators roll out the changes — known as the General Data Protection Regulation, or GDPR — on May 25, it will represent the biggest overhaul of the world’s privacy rules in more than 20 years.
The new regulations offer EU citizens sweeping new powers over how their data can be collected, used and stored, presenting global leaders outside the 28-country block with a stark choice: bring their domestic laws in line with the EU’s new rules, or risk being shut out of a market of 500 million well-heeled consumers.
“Data protection is a good example of Europe trying to extend its influence over other countries,” said Christopher Kuner, co-chair of the Brussels Privacy Hub at the Vrije Universiteit Brussel. “Call it the ‘Brussels Effect.’”
For many countries, the choice is a no-brainer. Breaking commercial ties with the world’s largest trading bloc is unthinkable, and failing to comply brings the risk of hefty fines — up to €20 million or 4 percent of global revenue, whichever is higher — for any company with European customers that mishandles data.
In response, legislators worldwide are scrambling to update their domestic legislation to bend to Europe’s privacy rules. The data revamp will allow EU consumers to pull their data from a company at any time, force businesses to alert customers within three days if their data is hacked and let people move information to rival services at a drop of a hat.
The “Brussels effect” is mostly manageable for advanced economies like Japan, which last year set up an independent agency to handle privacy complaints to conform with Europe’s privacy standards during negotiations for a new Japan-EU trade deal.
But for emerging countries, the cost and administrative burden of applying the EU privacy standards can be daunting. In countries like South Africa, whose domestic legislation is primarily based on Europe’s rules, the upcoming data protection changes risks being viewed as yet another diktat handed down by former colonial powers in a form of “data imperialism.”
“Any country that’s not working toward these standards is left out in the cold,” said John Giles, managing attorney at Michalsons, a law firm in South Africa. “GDPR has long tentacles.”
Falling into line
For years, Europe has served as the world’s privacy police officer.
Since the mid-1990s, EU policymakers have rolled out a series of data protection rules that quickly became the de facto global standards for most countries except for a few holdouts like China, Russia and the United States.
But, as companies like Google, Facebook and Amazon vacuumed up more of people’s private information, European lawmakers upped the ante, intent on setting a new bar for data protection worldwide.
“We want to set the global standard,” Věra Jourová, the European commissioner for justice, told POLITICO last year. “Privacy is a high priority for us.”
by Mark Scott and Laurens Cerulus, Politico | Read more:
Image: Sara Gironi Carnevale