Friday, May 5, 2017

Why you should care that half of EU members are shirking the EC about data sharing rules


Ministers from half of the EU's 28 member states have signed a letter asking the EU Commission to drop its “barriers to the free flow of data”


Ok, let’s get the facts out first. The Commission will publish the findings of its inquiry into online platforms (“search engines, social media, knowledge and video sharing websites, app stores, etc.”) which took place after the publication of the EU's Digital Single Market Strategy last year.

In an article published by The Register, ministers from Belgium, Bulgaria, Czech Republic, Denmark, Estonia, Finland, Great Britain, Ireland, Latvia, Luxembourg, Lithuania, Poland, Slovenia and Sweden decried the EU’s data protection legislation. They “encouraged the commission to move ambitiously forward in its efforts to remove regulatory and non-regulatory barriers in the Digital Single Market”, so that data can be shared more easily between and beyond member states.

Presently, data sharing across the EU is a complicated matter, with more complexity foreseen with the implementation of the General Data Protection Regulation (GDPR) in 2018. As a result of the new legislation, which brought about the collapse of Safe Harbor (The Guardian, Oct 6, 2015), data localisation projects have picked up in Germany and France.

The authors of the letter pleaded with the Commission and the Dutch incumbent in the EU's rotating presidency to take the following into account (only excerpts are shown):
Build a solid foundation for the digital economy. For the digital economy to flourish businesses and consumers must thrive in a trusted and connected digital environment...review of the e-Privacy directive with the aim to repeal all elements that are no longer fit...regulatory framework should be adapted to better spur investments…
Strengthen the framework for digital innovation and entrepreneurship. Refrain from one-size-fits-all regulation which would reduce competition and hamper innovation...ensure that data can move freely across borders, both within and outside the EU, by removing all unjustified barriers to the free flow of data.
Move the single market into the digital age. As both consumers and businesses can benefit significantly from cross-border e-commerce within Europe we need to step up efforts to make it easier to trade online across the internal market and not impose new burdens on businesses.
In effect, the letter calls for the outright repeal or heavy amendment of the e-Privacy directive, using broadband business competitiveness as its justification to allow data to flow freely across borders.


The veil of secrecy
However, the “truth” is never what it seems and is usually shrouded in obfuscation and a foggy mist of vested interests. A regular bugbear for many governments, the EU's e-Privacy directive caused some distress in January when a legal opinion determined that it meant the ongoing snooping activities of many member states' governments were not strictly lawful.
The collapse of Safe Harbor also caused trouble for many of the US-based multinationals which had otherwise been able to promise they were following the European legal regime with Europeans' data when held in the US. Of course, the Snowden disclosures proved this was not the case.
Patriotic tech companies might complain about the stricter directives, but for the most part, multinationals, particularly American ones, have only one concern - the bottom line. Besides, of what use is European personal information in a US-located database? Products and services offered on websites and social media are location-based, i.e., a person is offered products and services based on that person’s geographical location, be it online or from a brick and mortar nearby. Even if that person were to log in to Amazon, the majority of the products offered are locally sourced and, at best, they are pan-European handled by a local distributor. The exception (and it is a rare one as far as end-user shopping is concerned) is those products actually purchased in the US and shipped to Europe. So Americans have no real need or use for European personal information even though they will tell you they need that information to better match personal online behaviour and product offers. All that can be done just as efficiently right here without any need for leftpondian interference as all it requires is the right analytical algorithm.


Ulterior motives?
Of greater concern is the state apparatus that requires tech companies to turn over their data under the banner of national security. And exactly whose national security are we talking about, America’s or Europe’s? Paris, Brussels, Oslo, The Sinai Jet Bombing, Ankara, Beirut...where were the state intelligence agencies?  
One might argue that only the metadata is scanned and inspected, and that no actual information is viewed or analysed. After all, state agencies have to scan millions of metadata tags daily, making it impossible to detail each individual phone call or message. The problem lies in “three degrees of separation” or “the three hops” (The Guardian, Oct 28, 2013) that the NSA’s PRISM program uses to determine association. It’s that third hop of connection that greatly expands the probability of innocent people worldwide being scooped up into the NSA’s surveillance machine. As Ars Technica explains in an article from 2013, you’re only “one hop from the author, and three hops from Hamid Karzai.” And if you think it’s only happening in the US, guess again. Just yesterday, May 26, the UK’s independent biometrics commissioner, Alastair MacGregor, revealed that 53% of the 9,600 individuals on the counter terrorism databases have never been accused of a crime.


How we feel about it
The simple truth is that national security agencies have drunk their own Kool-Aid and have ended up seeing terrorists under every rock. It’s called tunnel vision which then morphs into collective paranoia. Just look at what’s happening in the US with Patriot Act I and II, the FISA courts, the militarisation of police forces and the institutionalised racism of ethnic minorities. You think this is all crazy talk? Does the name Donald Trump ring a bell? The fact is security agencies are no more likely to stop a terrorist attack than you or me as evidenced in a series of articles: Business Insider, The Most Interesting Revelations From Frontline's Powerful Exposé of the National Security Agency, May 20, 2014; The Intercept, US Mass Surveillance Has No Record of Thwarting..., Nov 17, 2015; The Washington Post, NSA Phone Record collection Does Little to Prevent Terrorist Attacks..., Jan 12, 2014.

We take data security very seriously; it is the heart and soul of our business. So when a news article like this one is published, and entire governments seek to water down privacy laws, we get very concerned. That is not to say we don’t applaud the work of national security agencies, we do. It is a thankless and wearisome job. But we do ask state agencies to show some common sense judgement when it comes to privacy laws and data sharing.
We do nothing to further the cause of national security by indefinitely detaining, without due process (Human Rights Watch, Apr 18, 2016), a false positive suspected terrorist in Guantanamo while simultaneously arming ISIS rebels in Syria through Turkey’s back door (The Guardian, Now The Truth Emerges..., June 3, 2015) simply because they are against Bashar al-Assad. The farce is almost laughable.  
Data security and privacy go hand in hand and one cannot be isolated from the other. If you don’t have privacy, you don’t have data security; if you don’t have data security, you don’t have privacy. It’s that simple. So, while entire governments seek to weaken the privacy rights of individuals in the guise of “increased commercial opportunities,” the security industry takes an opposing view because it negates everything we’re trying to accomplish for our clients - the possibility of safeguarding the integrity of their information assets from prying eyes, industrial espionage and data breaches. In fact, we in the cybersecurity industry subscribe to the opposite: only by guaranteeing data security do our clients feel more confident in expanding e-commerce opportunities.


The Answer
Clearly, each side has its own agenda and motives, and never the twain shall meet. Or can they? We argue that both sides can achieve a workable solution to everyone’s satisfaction if each is willing to compromise. Do secret state security agencies really need to exchange data deemed “suspect” between each other? We already have Interpol for that. From a commercial point of view, European companies doing business on the continent already freely exchange customer information between marketing and financial organisations to offer targeted advertising. At the same time, cybersecurity vendors should provide more robust encryption of data packet transfers. In this day and age, we should offer the best of both worlds.   


Secon Cyber Security
At Secon Cyber Security, we take the matter of data privacy very seriously. Our whole purpose for being is cybersecurity. As such, we offer advice and services around GDPR compliance, network security, cloud security, endpoint security, email archiving, DLP (data loss prevention) solutions, user-awareness training and education, cyber skills assessment and development.
