Communications on data protection
Chairs: Mònica Vilasau
GDPR: A European model of privacy
Ricard Martínez. Responsable del Servicio de Transparencia en la Diputació de València. Expert in privacy.
The European Union has made of data protection and privacy a solid building, with strong foundations, and ready to face the challenges of the future. Data protection has become a fundamental right and, as such, it is against such the highest level of the right that the debate and the weightings take place.
This is at odds with the practices of US firms, that are clearly threatening this fundamental principle.
General Data Protection Regulation (GDPR) is trying to fix this and to protect the citizen against all kind of threads. But it is still imperfect. If, for instance, still relies on authorisation. It is well known that the end user will accept (authorise) any kind of data usage by third parties just to be able to enter a social networking site, or to have access to social media, or to use a given digital service. The regulation should then be more proactive, and “not trust” the judgement of the citizen, and protect them despite themselves. Accountability has to be filled with content, not be a hollow recipient of wishful thinking.
The legislator must know reality, the reality of the user, the reality of technology.
There is a big problem now that technologies enable the possibility that third parties can own others’ identities, do things for them (and without them knowing), make decisions for them (and without them knoweing), etc.
General data protection regulation vs. big data regulation
Alessandro Mantelero, Polytechnic University of Turin
One of the main problems of big data is that it does not actually asks for permission, or consent. Or, indeed, most of consent was already given when the user accepted the conditions of each and every social networking site, website, online service, etc.
Regulation is clearly lagging behind the advancements of technology. This is not new —it actually is the norm— but not only the gap is widening, but the paths are divergent one from another.
Achieving anonymity on the Internet is extremely difficult. This is what we have to address. When we collect information which is non-sensitive (e.g. on mobility) it will most likely produce outputs that are relevant for privacy, that can contribute to identify or draw a profile of someone. And all this is not in the GDPR. How is GDPR addressing these new but actual challenges
We are shifting from an individual-based data protection paradigm to a new paradigm of a collective vision, where the collective shapes the identity, shapes privacy, etc.
Alessandro Mantelero: this is not a legal topic, but an economic topic. If we test prototype cars for security and do not allow them to be on the streets until they match some security issues, same should happen when designing digital services. Yes, maybe this would slow the pace of innovation. Maybe. But we have to find a balance between total flexibility in digital services design and total lack of taking into account fundamental rights that can be seriously damaged by the design of those digital services.