EU Data Privacy Legislation To Impact All Businesses
Data Privacy presenters: from left, Penny Naas (UPS), Jens Teilberg Søndergaard (Ministry of Justice), Beryl Blecher (U.S. Mission to the EU), Janni Christoffersen (Danish DPA), Nina Nørregaard (IBM), Stephen Brugger (AmCham), Thomas Myrup Kristensen (Facebook)
The first four chapters.
There are 16 photos in this gallery.
Click the image above to see the additional pictures
On May 24, AmCham Denmark teamed up with the U.S. Embassy’s Commercial Service for an informational seminar on the future of data privacy in the Europe Union. Nearly 60 participants convened at the U.S. Embassy to hear several data privacy experts discuss the new proposals, and their potential challenges to businesses.
U.S. Ambassador Laurie S. Fulton kicked off the discussion by underscoring the strength of the Transatlantic relationship, and specifically e-commerce, which now accounts for $1.5 trillion annual sales. She also talked about the misperception that Americans and Europeans are far apart on data privacy. Americans deeply value privacy and are strong proponents of a global and open internet, with appropriate privacy safeguards in place. In highlighting the Obama Administration’s work on simultaneous privacy legislation for the U.S., Ambassador Fulton reminded us of the importance of taking advantage of this unique opportunity to ensure global internet compatibility.
“Data privacy is one of the most critical in the U.S./EU trade relationship,” says speaker Beryl Blecher, Minister Counselor for Commercial Affairs, U.S. Mission to the EU, “ and it’s important to know that data privacy impacts businesses in all sectors.” Noting the Obama administration’s ‘Blueprint For Privacy’ which is being outlined now, Ms. Blecher noted that the administration supports a "bottoms up, consensus-based approach using multiple stakeholders to achieve a standards development."
DANISH STAKEHOLDERS SPEAK OUT
Stakeholders in Denmark present at the event were Janni Christoffersen, Director of the Danish Data Protection Agency, as well as Jens Teilberg Søndergaard, Head of Constitutional Law at the Justice Ministry, and Chairman of the EU Council’s Data Protection Working Group.
The Danish Data protection agency handles many cases and interfaces with companies in what Janni Christoffersen calls a ‘hands on’ approach. She ensured the audience that when reviewing the proposals, the DPA considers the perspective of the companies that they interface with. Ms. Christoffersen talked about the importance of providing "real value for the money." “What we don’t need is an inordinate amount of paperwork and a ‘tick in the box’ regime,” she noted. She also discussed how the proposed legislation puts enormous pressure on resources within all DPA’s, some of whom will have to double or triple their staff size to cope with the new proposals.
Jens Teilberg Søndergaard, who is working directly on reviewing the legislation with the EU Council Data Protection Working Group warns that we are still in the very early phases. The goal is to be done with the review by mid-2013, but he feels that this is very ambitious, considering the 27-land EU perspectives working together.
BUSINESS CASE PERSPECTIVE
Penelope Naas, V.P & Head of EMEA Public Affairs, UPS, and formerly with Citi, talked about how both financial and logistic businesses were operating now on completely digital platforms. “It’s not a matter of if, but how you will become data compliant,” she said.
All of the business case presenters agreed that there is not enough clarity in the proposals, and they all discussed the danger of rules that were overly specific, as technology changes so quickly.
Thomas Myrup Kristensen, Head of Public Policy, Facebook Nordic (and event sponsor), sees a benefit in having a regime that encourages best practice principles and how to promote them, rather than detailed technical regulation. Kristensen is encouraged by Privacy by Design concept, where organizations make data protection a part of their processes, rather than having overly prescriptive legislation. “We believe it is possible to have privacy protection and a thriving digital sector. These are not opposing forces.”
Pulling out a tattered printout with hundred’s of PostIt notes clinging to the pages, Nina Nørregaard, Senior Attorney from IBM Denmark, encouraged the audience to pick up a copy of the proposals. “Now what does all of this mean for you guys?”
It means that there will be a lot more focus on Data Privacy in all organizations. It means that a company of more than 250 employees will need to start spending money on privacy in their organizations, including hiring a Data Privacy Officer. Businesses will need to report any breach within 24 hours, no matter how large or how small. . .and much, much more.
It means all businesses must start to look into what Data Privacy will mean for their organizations.
To download a brief overview of the proposals, click here.
To download a copy of AmCham EU’s response to the proposals, click here.
To download a copy of AmCham EU's Privacy by Design paper, click here.