THINKPolicy #6: Protecting Europeans’ Data

Share this post:

With massive data breaches galvanizing media and public attention, individuals and governments are scrambling to ensure the privacy and security of online information.

The European Commission, Council and Parliament are now in the final round of negotiations on a new regulation, which aims to harmonize and modernize Europe’s current data protection regime.

IBM supports this effort to protect the privacy of Europe’s citizens, and urges European Union leaders to:

  • Extend Safe Harbor – recognizing of course the need to ensure adequate privacy protections, policymakers in the E.U. and U.S. should preserve the world’s most mutually-beneficial digital trading relationship, resist calls to erect barriers to Trans-Atlantic data flows, and renew the Safe Harbor Program. Over 60% of Safe Harbor certified organizations are small and medium enterprises. These entities are recognized the world over as drivers of economic growth and job creation. Now is not time to abandon a program that has fostered data-driven prosperity and strengthened the long-standing partnership between America and Europe.
  • dl-boxcloud-comFocus on Risk and Intent – Europe’s regulatory framework should embrace a risk-based approach to data processing and analytics, focusing on the protection of high-risk, sensitive personal data. This will encourage a cultural awareness of data protection. By contrast, an overly burdensome regulatory treatment of low-risk data categories would be a major disincentive for companies to provide innovative data-related services in Europe. It also would be a distraction from the consequential, forcing companies to spread their limited resources too thinly and making them vulnerable to harmful data breaches.
  • Sanction Harmful Practices, Not Technology – responsible profiling, or the ability to process data to extract actionable insights, is absolutely essential to the data economy. Regulation should focus on protecting data subjects from fraudulent and blatant misuse of personal data and ensuring that data controllers can be held accountable.
  • Be Mindful of Modern Data Relationships – companies that process data may not necessarily have ownership of that data. In the age of cloud computing and advanced analytics, businesses often engage companies like IBM to help them extract insights and value from huge libraries of data, but ownership of that information remains in the hands of the client. Today, well-functioning liability arrangements govern relationships between data owners and data processors. The data protection regulation should avoid disrupting those arrangements so as not to bar access to data services that can help European businesses compete.

###

More stories

Bias in AI: How we Build Fair AI Systems and Less-Biased Humans

Artificial intelligence (AI) offers enormous potential to transform our businesses, solve some of our toughest problems and inspire the world to a better future. But our AI systems are only as good as the data we put into them.

Continue reading

A New Public-Private Partnership to Advance Cybersecurity in France

IBM today opened its new Security Operations Center (SOC) in Lille, France. The SOC offers security incident and response services to organisations that are at the heart of the French society and economy. Operating 24 hours a day, seven days a week, the security center team will monitor the latest security events, assess their potential impact […]

Continue reading

Four decades. Nine jobs. One company. Meet Albert, IBM’s first-ever new collar employee.

Nearly 40 years before the first class of P-TECH students graduated high school with an associate’s degree and a pathway to a new collar career in tech (and before the term “new collar” was even coined), Albert Schneider was on his way to becoming the first new collar IBMer. Albert began working full time after […]

Continue reading