The following joint statement was given by European Commission Vice-President Jourová and European Commissioner Reynders on Jan. 27, 2020, ahead of Data Protection Day.

Background

In 2006, the Council of Europe, an international organisation whose stated aim is to uphold human rights, democracy and the rule of law in Europe, launched a Data Protection Day to be celebrated each year on Jan. 28.

On May 25, 2018, the General Data Protection Regulation came into effect in the bloc. In July last year, the European Commission published ‘Communication: Taking stock of the implementation of the Regulation.’ the Commission is also paying grants to data protection authorities to co-finance their reaching out to stakeholders, in particular individuals and small and medium-sized enterprises.

In January 2017, the Commission adopted a Communication on the international aspects of privacy, which set out the EU strategy in the field of international data flows and protection.

The adoption of the mutual EU-Japan mutual adequacy decision is an important result of this strategy. Since February last year, it has allowed for the secure, free flow of personal data between the two economies on the basis of strong data protection guarantees.

The Commission is at an advanced stage in negotiating an adequacy decision with South Korea.

“Data is becoming increasingly important for our economy and for our daily lives. With the roll-out of 5G and uptake of the Artificial Intelligence and Internet of Things technologies, personal data will be in abundance and with potential uses we probably can’t imagine. While this offers amazing opportunities, some cases show that robust rules are needed to address clear risks for individuals and for our democracies. In Europe we know that strong data protection rules are not a luxury, but a necessity.

In the EU we have proudly become a global reference point for strong data protection rules, based on enforceable rights and independent and robust enforcement.

20 months after the entry into application of the landmark General Data Protection Regulation, we see that the GDPR has acted as a catalyst to put data protection at the centre of many of the on-going policy debates. It is a cornerstone of the European approach underpinning several political priorities of the new Commission promoting a human centric approach to Artificial Intelligence and other digital technologies. European Data Protection rules will therefore be a foundation and inspiration for the success of key initiatives in artificial intelligence, health or mobility to name just a few.

Citizens have become more aware of their rights and businesses are increasingly making use of their data protection credentials as an argument vis-à-vis their customers. Thanks to data protection awareness raising campaigns, over 1.7 million businesses and citizens visited the web guidance on the new rules in 2019 developed by the Commission. According to Eurobarometer results, the highest levels of awareness among citizens are recorded for the right to access their own data (65{d1a1694403c5660430dc420b8f142668f13097a51a1c1fc172179b975fdf78b3}), the right to correct the data if they are wrong (61{d1a1694403c5660430dc420b8f142668f13097a51a1c1fc172179b975fdf78b3}), the right to object to receiving direct marketing (59{d1a1694403c5660430dc420b8f142668f13097a51a1c1fc172179b975fdf78b3}) and the right to have their own data deleted (57{d1a1694403c5660430dc420b8f142668f13097a51a1c1fc172179b975fdf78b3}).

However, our priority and that of everyone involved should be to foster a harmonised and consistent implementation of data protection rules throughout the EU.

The work of data protection authorities, working together and coordinating their action within the European Data Protection Board, is essential. It is important that Member States provide them with the necessary human, financial and technical resources. From the Commission’s side, we will also continue supporting them with EU funding.

Data protection authorities have already taken a series of enforcement decisions. Major investigations with a cross-border dimension, affecting individuals in many Member States, are ongoing. Decisions on these cases are expected in the coming months. But there is a need to step up enforcement notably by enhancing cooperation among data protection authorities. Vigorous and harmonised enforcement is a prerequisite for the effective protection of personal data.

The evaluation of the GDPR that the Commission will issue in spring will provide the opportunity to assess its application, in particular as regards international transfers and the consistency and cooperation mechanism between data protection authorities. It will also clarify certain aspects of the GDPR.

The demand for privacy is not limited to Europe. The GDPR has inspired a growing number of laws around the world and is becoming a global standard. Building on the successful example of the mutual adequacy with Japan, the Commission will further intensify its international engagement to promote safe data flows.”

The need for data protection has become more than a policy or regulation; it has become a business asset. Businesses that have a good reputation for data protection and that show potential customers that they have taken adequate steps to comply with regulations are rewarded with sales and customer loyalty.

However, there are many unscrupulous business leaders who are manipulating the market. Data is a valuable commodity. Social media sites are worth billions because of the naivety of their users who either do not bother to read privacy policies, do not read terms and conditions or who do not understand that updates can include changes to policy that mean personal data can be sold.

Until Internet users realise the value of the data that they supply free to social media sites and even by allowing tracking on phones or devices, it is unlikely that businesses will offer explanations for the manipulations to a policy that remove protections people take for granted.

 

This is why data protection, and ensuring that your business abides by regulations, is vital to the economic health of the Internet ecosystem. While large social media oligarchies rule, for now, Internet users are increasingly aware of the value of their data. They are also increasingly sceptical of social media platforms and the potential harm that might yet prove to evolve from such sites.