THINKPolicy #6: Protecting Europeans’ Data

Share this post:

With massive data breaches galvanizing media and public attention, individuals and governments are scrambling to ensure the privacy and security of online information.

The European Commission, Council and Parliament are now in the final round of negotiations on a new regulation, which aims to harmonize and modernize Europe’s current data protection regime.

IBM supports this effort to protect the privacy of Europe’s citizens, and urges European Union leaders to:

  • Extend Safe Harbor – recognizing of course the need to ensure adequate privacy protections, policymakers in the E.U. and U.S. should preserve the world’s most mutually-beneficial digital trading relationship, resist calls to erect barriers to Trans-Atlantic data flows, and renew the Safe Harbor Program. Over 60% of Safe Harbor certified organizations are small and medium enterprises. These entities are recognized the world over as drivers of economic growth and job creation. Now is not time to abandon a program that has fostered data-driven prosperity and strengthened the long-standing partnership between America and Europe.
  • dl-boxcloud-comFocus on Risk and Intent – Europe’s regulatory framework should embrace a risk-based approach to data processing and analytics, focusing on the protection of high-risk, sensitive personal data. This will encourage a cultural awareness of data protection. By contrast, an overly burdensome regulatory treatment of low-risk data categories would be a major disincentive for companies to provide innovative data-related services in Europe. It also would be a distraction from the consequential, forcing companies to spread their limited resources too thinly and making them vulnerable to harmful data breaches.
  • Sanction Harmful Practices, Not Technology – responsible profiling, or the ability to process data to extract actionable insights, is absolutely essential to the data economy. Regulation should focus on protecting data subjects from fraudulent and blatant misuse of personal data and ensuring that data controllers can be held accountable.
  • Be Mindful of Modern Data Relationships – companies that process data may not necessarily have ownership of that data. In the age of cloud computing and advanced analytics, businesses often engage companies like IBM to help them extract insights and value from huge libraries of data, but ownership of that information remains in the hands of the client. Today, well-functioning liability arrangements govern relationships between data owners and data processors. The data protection regulation should avoid disrupting those arrangements so as not to bar access to data services that can help European businesses compete.


More stories

A New Public-Private Partnership to Advance Cybersecurity in France

IBM today opened its new Security Operations Center (SOC) in Lille, France. The SOC offers security incident and response services to organisations that are at the heart of the French society and economy. Operating 24 hours a day, seven days a week, the security center team will monitor the latest security events, assess their potential impact […]

Continue reading

IBM Statement on Filing an Amicus Curiae Brief in the United States Supreme Court

IBM issued the following statement on filing an amicus curiae brief in the United States Supreme Court: “Changes in technology move faster than changes in the law, and when the law addresses new technology it must consider not only the immediate facts of the case at bar, but also the potential implications that a legal […]

Continue reading

IBM Letter to House Judiciary Committee on Anti-Sex Trafficking Bill

IBM today urged leadership of the House Judiciary Committee to align its anti-sex trafficking legislation with a parallel Senate bill.

Continue reading