The Facebook scandal has laid bare the urgency of protecting personal information in a digital “jungle,” the EU’s justice minister said before new European data rules become law.
In an interview with AFP, Vera Jourova said the scandal was a wake-up call for critics who had seen the European Union as too quick to regulate online data.
“It explained that we really are living in the kind of jungle where we are losing ourselves,” Jourova said in Brussels.
“We have been providing the information about our private life, about our identity, about the intimate things,” she said.
“It goes to the black box. And we don’t have a clue what is happening there, who can abuse it, who can sell it to somebody,” Jourova added.
The General Data Protection Regulation (GDPR) entering force on May 25 sets down the rights of individuals, such as one where they explicitly grant permission for their data to be used.
They also have the right to know who is processing their information and for what purpose as well as to have information deleted.
Silicon Valley giants like Facebook, Google and Twitter as well as banks and public bodies will have to comply with the rules or face massive fines.
Facebook chief Mark Zuckerberg himself conceded the GDPR’s importance after research firm Cambridge Analytica plundered the personal data of tens of millions of the social network’s users for the 2016 US presidential election.
Jourova said Zuckerberg’s support triggered an “efficient campaign” for the GDPR in a way that she would have been hard pressed to do herself.
She said the GDPR would have applied in the Cambridge Analytica case because it requires firms to obtain the explicit consent of users for their personal data.
The case “really opened the eyes of many people who were criticising Europe being too paranoid, too overregulated,” she said.
But she learnt from the US press that the United States had much to learn from an old world it had seen as too “apocalyptic” but now views as “more visionary” about data protection.
She sees the EU as a benchmark for data protection.
“By negotiating the possibility of data transfers outside Europe we are in fact pushing other countries to increase the standards,” Jourova said.
The EU still has work to ensure its new regulation has the desired effects.
Member countries must accept a larger role for their data protection authorities who will be central to guaranteeing the rules are applied.
Jourova sought to reassure smaller firms worried about adapting to the new rules that carry fines for those in breach.
“Please, don’t panic,” Jourova said.
“The authorities… should have an honest dialogue with companies who are obviously in good faith.”
She expected authorities to focus first on firms that handle mass quantities of data and make money off it.
Smaller firms will likely have more time to adapt.
Her advice for smaller firms and non-government organisations that do not pass on electronic data: “Be sure your technology is good enough against hackers.”
But she was losing patience with member countries that have yet to update their laws even though they have had two years to do so since the GDPR was adopted in 2016.
At least eight of the 28 member countries will not have adapted by May 25, which she attributed to neglect rather than resistance to the law.
“They left it for the last moment. This procrastination of states will create some legal uncertainty. And I am not happy about that,” Jourova said.