Sensing the Facebook scandal has shifted the transatlantic winds, the EU is asserting itself as a forward-looking regulator rather than a retrograde bulwark against Silicon Valley’s innovative might.
After years of mounting concern, the European Union will introduce tough new data protection rules next month, which Facebook chief Mark Zuckerberg himself has welcomed in the face of the latest scandals.
The General Data Protection Regulation (GDPR), which comes into force on May 25, gives web users much greater control over how their personal information is stored and used, with big fines for companies that break the rules.
“I was really desperate about thinking how to make the best possible campaign for GDPR so now this is well done, so thank you Mr Zuckerberg,” the EU’s justice and consumer affairs commissioner Vera Jourova told reporters in Brussels this week.
“His declaration that they want to expand our European rules globally, it’s only good news, it sounds very nice to me.”
The GDPR is not the only EU action that has triggered accusations of protectionism against the new digital economy. It has also drawn fire over its massive anti-trust fines against Google and Apple as well as plans to tax internet giants.
During questioning by US senators on Tuesday over the Cambridge Analytica scandal, Zuckerberg said Facebook was “committed to rolling out the controls and the affirmative consent” required by the new EU rules “around the world”.
Under the new rules, companies will need explicit consent from users to share their data with third parties and people will have the right to know what personal information is stored about them and to ask for it to be deleted.
Breaches can lead to heavy fines — up to four percent of a company’s global turnover.
Zuckerberg said he took personal responsibility for the fact that 87 million people’s personal data was improperly shared with Cambridge Analytica, a firm which worked for Donald Trump during the 2016 presidential campaign.
The Facebook chief “had always said the opposite, that it was going to kill the internet,” said Viviane Reding, the centre-right European Parliament member who initiated the GDPR when she was a European commissioner in 2012.
“Now our regulation is seen as a positive step for the internet’s future development,” she told AFP.
Reding said the Cambridge Analytica scandal was a “wake-up call” to the United States in the same way that whistleblower Edward Snowden’s revelations about mass US intelligence surveillance was to Europe.
The US senators who questioned Zuckerberg “studied closely the European legislation,” Reding said. “They understood that this model is not an internet killer, but the basis for its balanced development.”
European Parliament member Maria Joao Rodrigues, a Portuguese socialist, said times have changed, recalling how even some European governments had initially opposed the GDPR.
“US congressmen are contacting us at the European Parliament to learn about our experience,” Rodrigues told AFP.
Jan Albrecht, a German MEP from the Greens party, said Europeans have demonstrated they have taken a “necessary step” to protect data, not stall the economy.
“The far-sightedness that the EU has shown is confirmed,” Albrecht told AFP, recalling those who said “we must not create any hurdles for the digital economy”.
He said Europeans should stop doubting themselves and “be extremely proud” that they are leading the way and that their market is big enough to “set standards” for the rest of the world.
“The US Congress has failed to do so for years and left legislative initiatives untreated,” Albrecht said.
Guillermo Beltra, a legal expert with the European consumers association BEUC, said the GDPR is a great example of the EU showing industry where “innovation should go towards”, with society demanding citizen privacy first.
“What the EU does is try to make technology developments adapt to society’s social values, as opposed to the society having to adapt its values to accept the new technology,” Beltra said.