Google criticises EU data protection
Google has criticised how the EU Data Protection Directive is being implemented.
While the principles of the directive are sound and have been adopted by many countries, the application of them "no longer makes sense", according to Google's privacy counsel Peter Fleischer.
"It is, at least in part, an export-controlled regime, on a model that the export of data outside of one region, namely Europe, to another region, would be subject to various regulatory restrictions and adequacy findings," said Fleischer at a gathering in Brussels of data-protection professionals. "All that might have made sense before the age of the internet, but just doesn't make sense in the age of the internet, as exports happen every time someone clicks a mouse. We need to rethink that."
"A lot of the things we do are designed to run on one internet architecture. That cannot be designed to stop and change at borders," said Fleischer, who was quoted on Google's public policy blog. "Every time you use your credit card, your data may be flowing over six or seven different countries."
Fleischer called for harmonisation, not of the privacy principles themselves, as they remain unchanged, but of the way those priciples are implemented. "Like all businesses operating across many different borders, we are sometimes confronted with the problem of different standards or different interpretations [of law]," said Fleischer. "Harmonisation, at least in the realm of the internet, is a helpful thing to business. In many ways it's even necessary."
He continued: "There's been a confusion, a conflation if you will, between the administrative application of principles, and the principles themselves."
However, Peter Hustinx, the EU's data-protection supervisor, said that before a discussion on reconsidering policy options could happen, the EU and businesses had to consider what the existing EU privacy framework could supply. "The emphasis in the existing principles is to make them work. Let's put the energy into making [the directive] work better," he said. "With the existing framework there is substantial guidance, and that needs to be applied."
Hustinx said that future changes to the framework at an EU level is unavoidable, but that change should not come for at least five years.