On 2 July 2014, the European Commission issued a Communication titled “Towards a thriving data-driven economy”, which describes the features of such economy and sets out some operational conclusions. The Communication responds to the European Council’s conclusions of October last year which called for EU action to provide the right framework conditions for a single market for big data and cloud computing.
The Communication follows in the wake of the White House’s comprehensive review of big-data and privacy issues and the parallel report of the President’s Council of Advisors on Science and Technology (“PCAST”) in May (see here) as well as the European Data Protection Supervisor’s preliminary opinion on Privacy and Competitiveness in the age of Big Data (see here) published in April.
The European Commission recognizes that “the European digital economy has been slow in embracing the data revolution compared to the USA” and has identified various obstacles which as reasons, including:
- a lack of appropriate funding for research and innovation;
- a shortage of experts;
- the complexity of the legal environment;
- the concerns and reduced trust in the digital economy among individuals and organisations; and
- data location requirements limiting the cross-border flow of information and creating a barrier to a single market for cloud computing and big data.
The Commission is aware of the many opportunities that big data creates, realizing that “data is at the centre of the future knowledge and economy” and proposes an action plan to bring about the data-driven EU economy of the future.
From a data protection law perspective the following points in particular are noteworthy:
- The European Commission emphasizes that big data processing has to comply with applicable data protection rules when it involves personal data. But the Commission demonstrates its willingness to enact effective data protection and network security rules, whereby the legal framework and the policies should be data-friendly. The European Commission calls for the legislative process on the reform of the EU data protection network and information security to be rapidly concluded as it hopes that this will foster trust and confidence and increase legal certainty. The reform should be complemented by adequate guidance on issues such as data anonymization and pseudonymization, data minimization, personal data risk analysis and tools and initiatives enhancing consumer awareness.
- The Communication addresses the actions taken under the European Cloud Strategy, including the work on trusted cloud computing, standards, certification and fair contract terms and conditions for cloud users. These are described in more detail in the Report on the Implementation of the Communication ‘Unleashing the Potential of Cloud Computing in Europe’, a Commission Staff Working Document, which was also published on July 2 and can be downloaded here. The Commission will also launch a consultation on “personal data spaces” (basically user-controlled cloud-based technologies for storage and use of personal data) and study barriers created through data location requirements.
- The Commission envisages funding for a series of projects related to the Internet of Things (essentially data gathered through smart connected objects) as well as support for R&I for privacy-enhancing ‘by design’ technical solutions, such as tools to assist users in selecting appropriate data sharing policies or reducing personal data breaches.
- The Commission also wants to explore the security risks relating to big data and intends to propose risk management and mitigation measures, including guidelines on good practices.
The Commission will further consult with Parliament, Council, Member States and relevant stakeholders to draw up a more detailed action plan.