Data Responsibility

One year of GDPR: Better Privacy for Europe and the World

Share this post:

We are entering the second year of the European General Data Protection Regulation (GDPR) which entered into force on May 25, 2018.

GDPR shone a spotlight on data protection like nothing else before it. It has pushed data privacy and responsibility to front of mind for political decision makers and companies. It is stimulating privacy-by-design across industries. Many companies re-prioritized privacy, updating compliance systems, deploying privacy safeguards across processes, services and products. And in society, privacy — and GDPR — have become part of common parlance.

Companies that are serious about data responsibility are raising the bar by going beyond compliance. For IBM this means implementing our principles for Trust & Transparency across our business and across all markets, and playing a key role in initiatives such as the development of the EU’s AI Ethics guidelines and the Charter of Trust. IBM has also been a driving force in the EU Cloud Code of Conduct, an independently-governed industry code that contains rigorous assurances for the protection of data in cloud services. Such codes are fostered by GDPR as being a contributor to a higher level of data privacy, transparency and accountability. The latest version of EU Cloud Code of Conduct is currently pending official approval by supervisory authorities.

In the past year individuals and businesses have felt the harmonization benefits that GDPR brought about. As individuals we can now rely on the same rights and high standards throughout the European Union, no matter where we are and no matter where our data is processed. As companies, harmonization means a single privacy framework to comply with across 28 EU Member States and other counties, such as Norway, Iceland and Liechtenstein.

And there is even more potential for harmonization. As GDPR matures, we expect that areas such as the “opening clauses” that allow Member States to treat important issues (e.g. processing of sensitive data or employee data) will be aligned, avoiding the need for companies to adapt for different requirements across different countries. We also expect that guidance from national Data Protection Authorities, the European Data Protection Board as well as eventual decisions from the European Court of Justice will be clear and consistent on, for example, rules around data access, consent, or data transfer outside of the EU.

An increasing number of governments across the world are also tackling data protection policy. Other regions do not necessarily need to copy/paste the GDPR approach – different regions need tailored privacy policies, reflecting the diverse historical, legal and cultural approaches to privacy. However, what is crucial is that different regimes are interoperable, ensure the ability to transfer data to each other, and focus on protecting consumer privacy while avoiding unintended consequences that could harm the broader, more responsible digital economy. Cross border data flows generate opportunity, innovation and value for economies and societies alike – if they are not hindered by unnecessary data localization obligations.

In the year since GDPR, the opportunity of data has continued to increase, and it will grow even larger and more fascinating. IBM looks forward to GDPR living up to its potential as an enabler of trust, and we will continue advising other governments around the world as they explore their own approaches to strengthening consumer data privacy protections.

– Dr. Nils Hullen, IBM Government and Regulatory Affairs Executive

More Data Responsibility stories

IBM Responds to U.S. Department of Commerce RFI on Artificial Intelligence

Today, IBM submitted comments to the United States Department of Commerce’s National Institute of Standards and Technology (NIST) regarding the development of standards and tools to build and advance trusted Artificial Intelligence (AI) systems and applications.

Continue reading

IBM Welcomes OECD Principles for the Development and Use of AI

BRUSSELS, BELGIUM – IBM today issued the following statement welcoming the Organization for Economic Cooperation and Development’s (OECD) release of new Principles on Artificial Intelligence: “The OECD’s Principles on AI provide sound policy guidance for governments and stakeholders around the world that are working to advance responsible, human-centred AI. IBM is proud to have contributed […]

Continue reading

10 Global Policy Priorities to Advance Trusted AI

Artificial intelligence (AI) will transform our world. As a global leader in AI, IBM continues to push cognitive computing to the edge of possibility, from Watson agricultural insights informing planting season to incident reporting insights helping to fight human trafficking.

Continue reading