Ever since January 2012, when the European Commission issued a proposal to strengthen data protection rules for citizens of the European Union, American technology companies and politicians have decamped to Brussels and Strasbourg in hopes of tempering the proposal. The idea is to update rules first established in 1995, before the rise of e-commerce and social networks, and to make them apply to all companies interacting with consumers in the EU, no matter where they are based.
Then on Jan. 8, 2013, one of the youngest representatives of the European Parliament, Jan Philipp Albrecht of Germany made headlines by recommending even more restrictive policies regarding the protection of individual privacy online. Albrecht, 30, was first elected to the Parliament in 2009 as a member of the Green Group, and has worked on home affairs issues and legal issues with a particular focus on data protection. In an exclusive interview with Data Informed, Albrecht discussed his proposal, which still faces consideration by his colleagues with a vote due in April, as well as his current views on data protection rules on both sides of the Atlantic.
Data Informed: How did you get first get involved in the online privacy debate?
Jan Philipp Albrecht : Before I came to the Parliament, I was an IT lawyer working on the European data protection rules a lot, and especially on the question of how to better harmonize them and bring them in accordance with the fundamental rights and the legal requirements of the European members.
What sparked your recent proposal regarding online privacy?
Albrecht: We’ve had quite a lot of debates in the European Union, and in Parliament especially, on privacy throughout the last three years. There is a huge demand in the Parliament to bring together the privacy movement in one single set of rules and into a better harmonized one, which then will create a new framework for the rights of individuals in both situations, the public authorities and, at the same time, companies and enterprises. And the idea now with data protection regulation is to create one regulation that rules the whole European market, and sets the basic rules for data protection, which in Europe, of course, is also an expression of the fundamental rights laid down in the treaties and also in the human rights legislation in Europe. So it’s not a new change. It’s just bringing all the rules together into one framework, and sorting out which rules have to be adjusted.
What do you see as the main difference between the online privacy debate in Europe and in the United States?
Albrecht: I don’t see so many huge differences. The main difference is that in the EU, data protection law comes from Europe’s notion of fundamental human rights. In the U.S., there are two sides. You have public rights law and you have competition rules, which are determined by the FTC. So it’s a bit different approach, which I think now is being questioned by the White House and by many Congress members who think that there should be also a comprehensive approach to privacy rules.
In the U.S., this has been developed more by practical needs, because there was enforcement, but no real law. And in the European Union, the approach was more a theoretical one. We pass laws, but you don’t know if they’re really enforced. That is really a big question in the European Union. We have very strict rules, but there are many exceptions and a lack of clarity about enforcement.
Does the Internet pose certain issues in terms of privacy that make establishing effective laws and enforcement somewhat trickier?
Albrecht: Yes, there were services and products somehow developed on the Internet, which just were not really regulated, so it was just done. And of course now the huge question in the air is, how far do we want to regulate things, particularly in regard to the rights of businesses and other rights holders. I have the impression that we have a lack of awareness on the sides of consumers and who should decide on the rights of citizens in the Internet environment?
Some big companies in the United States, such as Facebook and Google, have violated the public’s trust, and hurt their public images in the process when such violations were reported in the press. Has the public’s awareness of online privacy issues changed?
Albrecht: I think those are the situations where the people of the United States become more aware. The question is if the people will really get something out of this situation, or if this will be a missed chance to set some basic and also perhaps globally leading standards.
How do you respond to those people who say that these kinds of laws are unenforceable?
Albrecht: You really create awareness not only enforcing privacy rules, but you also create awareness by using so-called traffic lights. I think online privacy should be regulated, but in a way that is self-regulating where everybody can decide what he or she can add to help create such a system.
Can companies create a new relationship with consumers based on trust that you’re handling their data responsibly?
Albrecht: Absolutely. There is a huge possibility in having systems that take a more creative approach to privacy issues.
How would this relationship be handled in regard to data brokers?
Albrecht: I don’t know how this is regulated in the US, but I think that there are some people who want to say, “Here is a border, which you shouldn’t really cross.”
You are one of the youngest members of the European parliament. Is our notion of privacy changing with younger generations?
Albrecht: I think privacy is slightly changing, but the assumption that privacy is not important for young people is really wrong. They feel they want to be protected, and they have the right to be assured that they are. If you want to have strong enforcement rules, you can do it.
So is enforcement going to be a difficult issue going forward?
Albrecht: It is. It is. I think the solution is intensive privacy rules, so-called privacy by design rules, where if you do content-based and well-informed services, then you really will get more business. I think you can incentivize that by sanctioning consumers in the market, because they can change, and then companies will change.
Is there anything that you personally do in your own daily life online to protect your own privacy, or anything that you won’t do, because of what you know from your own research?
Albrecht: I myself really try to keep everything I do professionally online, which I think can be non-private anyway. But with my private information, I try to keep it mostly analog. I think it’s very important to really take care. For example, if you put pictures online, that this can have really a significant impact on your future privacy. Because thinking about face recognition, like going on the street, taking a photo of a person and I know almost everything about them, that has an impact. I think people should prevent that from happening as much as possible, and I myself have tried to do that also.
Alec Foege, a contributing editor at Data Informed, is a writer and independent research professional based in Connecticut, and author of the book The Tinkerers: The Amateurs, DIYers, and Inventors Who Make America Great. He can be reached at firstname.lastname@example.org. Follow him on Twitter at @alecfoege.