The Swiss Data Protection Act recently celebrated its 20th birthday. In his press conference and subsequent interviews, the Federal Data Protection and Information Officer, Mr. Hanspeter Thür, asserted that the current data protection legislation was no longer suitable to adequately deal with today’s challenges. In Mr. Thür’s view, the rise of the Internet and social media as well as the ever progressing development of powerful data processing, analysis and storage capacities put in question the fundamental rights of the individual as defined in current data protection legislation. The data processing methods as they evolved over the past two decades were absolutely not foreseeable at the time the Data Protection Act had been enacted, he stated. Suggesting that today’s data processing capabilities would have made George Orwell turn pale, Mr. Thür claimed that society needs to re-discuss and eventually determine the future limits of data processing.
This process is well underway now. After having commissioned an expert report concluding in 2011 that the current Swiss data protection legislation, while generally performing in line with the regulatory expectations entertained at its inception, lacked sufficient enforcement to perfect its goals, the Federal Council charged the Department of Justice to propose concrete measures to strengthen the current data protection regime. Very much in the same spirit, the European Commission in January 2012 proposed a comprehensive reform of the 1995 data protection rules to address data protection concerns triggered by technological progress and globalization. Finally, more and more countries around the globe adopt data protection legislation similar to the regulatory framework established in the European continent twenty and more years ago.
These developments, however, have not remained unchallenged. Shortly after the Commission proposal for the EU Data Protection Regulation had been published, EU Commission Vice-President Viviane Reding stated in the English newspaper The Daily Telegraph that she never had experienced a more aggressive lobbying than against the said proposal. In the past eighteen months, the Regulation proposal has been the subject of intense negotiations, re-drafts and media speculation all over the world, but even more in the United States. It does not come as a surprise that the digital industry in the United States is particularly concerned about the new law as it may substantially influence their business models. Some online journalists even suggest that if the digital industry in the United States were forced to implement the new law, this could lead to a “trade war” between the United States and the European Union. In consideration of the diverging views on the draft Data Protection Regulation, the Irish Presidency of the European Union in May 2013 published a compromise text for the European Council to review and consider. In essence, the compromise proposal softens the original Commission proposal and offers a risk-based framework rather than the prescriptive approach adopted by the EU Commission in the draft Regulation. The final text of the new data protection framework is expected to be negotiated by the European Parliament and the Council of the European Union later this year.
In the meantime, the debate has reached the media and, therefore, the public. Data protection and information related topics make the news almost on a daily basis. Often they even make the headlines. While ten years ago, data protection still was reserved to a small group of professionals, it appears that today, society as a whole has started to realize the full implications of the digital millennium. It is not without any reason that data often is described as the oil of the 21st century. We may, indeed, experience that data will over time replace oil as the most precious commodity in the world with equally significant ramifications from an economic and cultural perspective. Data protection regulators around the world face the task to provide a regulatory framework that strikes the balance between protecting fundamental rights and exploiting the possibilities offered by digitalization – a task as important as challenging. It remains to be seen where we, as a society, will go from here. But one thing is certain already today. Data protection legislation will materially shape our future.