The European Data Protection Supervisor (“EDPS”) recently published an opinion entitled ‘Towards a new digital ethics – Data, dignity and technology’ (the “Opinion”). The Opinion focuses on the challenges that new and evolving technologies pose to data protection. In particular, the EDPS highlights the need for a simple but future-proof approach to law-making in the area of data protection. Given the on-going negotiations around the new General Data Protection Regulation (“GDPR”), the EDPS hopes its Opinion might guide lawmakers in developing the next generation of data protection laws.
Who is the EDPS?
The EDPS is an independent institution of the EU. Together with the European Commission and national data protection authorities, it makes up part of the Article 29 Working Party. In general, the EDPS is responsible “for ensuring that the fundamental rights and freedoms of natural persons, and in particular their right to privacy, are respected by the Community institutions and bodies” in respect of the processing of personal data. It is also tasked with advising EU institutions and bodies on all matters concerning the processing of personal data. Earlier this year, the EDPS published a five-year strategy (the “EDPS Strategy”).
What is the Opinion about?
The Opinion addresses the challenge of data protection of ‘going digital’. This is the third objective of the EDPS Strategy: “customising existing data protection principles to fit the global digital arena”. The Opinion is consistent with the Article 29 Working Party’s approach to the data protection aspects of the use of new technologies, such as the ‘Internet of Things’.
The Opinion examines the trends, opportunities and challenges arising from the increasing collection and processing of personal data. In particular, the Opinion specifically highlights the trends which, in the EDPS’s view, “raise the most important ethical and practical questions for the application of data protection principles”. These consist of:
- big data;
- the ‘Internet of Things’;
- ambient (or invisible) computing;
- cloud computing;
- personal data-dependent business models;
- drones and autonomous vehicles; and
- trends with a potentially larger, longer term impact (such as 3D bioprinting and artificial intelligence).
The EDPS proposes that this era of great technological advancement provides the EU with an opportunity to demonstrate how all parties who make up this digital world – from regulators to developers, and designers to ordinary individuals – can co-operate to reinforce rights and to steer, as opposed to block, technological innovation.
In its Opinion, the EDPS outlines four essential elements required to form the “data protection ecosystem” of the future. These are:
- Future-orientated regulation. The EDPS had previously encouraged the EU to develop simpler rules, in the anticipation that these same rules would remain relevant for the next generation. The EDPS stresses the importance of the enforcement role of data protection authorities together with the need for greater coherence among regulators. This is particularly relevant given the ever decreasing cost of collecting and storing data.
- Accountable Controllers. The EDPS reiterates the principle that personal data should be processed only in ways compatible with the specific purpose(s) for which they were collected. It states that such limitations are essential to respecting individuals’ legitimate expectations. The EDPS calls on data controllers to be more dynamic and proactive in their handling of personal information.
- Privacy-conscious engineering. The EDPS believes that technological design decisions should not dictate societal interactions but should support society’s values and fundamental rights. The EDPS considers that the EU should develop and promote engineering techniques that create data processing technologies which fully respect the individuals’ rights and fundamental freedoms.
- Empowered individuals. Having outlined both the benefits and the challenges of emerging and recent digital trends, the EDPS highlights that citizens also have a role to play in their online choices. The EDPS adds that they have a responsibility to be aware, alert, critical and informed when making choices, both online and offline.
What the future holds
Whether the EU will indeed integrate electronic ethics and make a place for fundamental rights and freedoms in the technologies of the future remains to be seen. For now, the EDPS hopes to trigger a wider discussion on balancing the integrity of the values of the EU while embracing all the benefits of modern technologies. In particular, this discussion is likely to arise in the final negotiations of the EU’s new data protection laws, including the GDPR.