The new EU data protection law taking effect May 25 has many small companies worried. But EU Commissioner Vera Jourova stresses that there is no need to panic – authorities will focus on watching the digital giants.
Vera Jourova: These are significant changes for EU citizens because we want them to be better protected and to have better control over what's happening to their privacy. And I think that this is a good step.
Mark Zuckerberg was recently in Brussels and pledged that Facebook would be fully compliant with EU law. It seems big companies are well-prepared; how concerned should smaller businesses be?
Small businesses in Germany are concerned. And of course they should take the necessary preventive steps. But many small companies, which do not process data as their core business, will just have to make some small changes which are not very demanding. So the companies should assess the level of risk regarding the data they use. And of course, talking about the big ones, Mark Zuckerberg couldn't give a different answer. I cannot imagine him saying, that he doesn't care about the European rules. So he said they would fully comply and they would even apply the European standards for protection of private data globally.
Made in Germany - The Business Magazine
Do you believe him?
I always believe somebody until I have strong reason not to believe. So we will check how well they are doing.
So tough times are coming up for companies, big and small, who rely on collecting data to stay competitive?
I think that Europe's General Data Protection Regulation, the so-called GDPR has to be applied in a proportionate way. That means: Proportionate to the level of risk. If a company does not process data as its core business, if they do not sell the data and make money with the privacy of people, they will just have to make minimal changes. The data protection authorities will focus mostly on the most risky businesses. Because companies that monetize the data of people should give something back to their customers. And that means they get better protection. We also need some common sense here. Because I heard a lot of incredible stories about how GDPR will be applied. But there is no need to panic.
Regulators in the US tried to introduce similar privacy safeguards but were stopped by lawmakers. Is the EU really setting a global standard?
I would say that the Americans need to take a closer look at what the Facebook scandal revealed. Because it turned out that we are facing a black box, an area without regulation. So my impression is that US citizens are now more alert and are asking why they aren't protected in the same way as Europeans. So yes, I do hope that Europe will set a good example of how we can and should protect the privacy of people. And of course a law equivalent to what we have in the EU would make the transfers of data from the EU to the United States easier and legally more certain.
Do you have all the means you need to ensure that the regulations are complied with?
We have the law in place. We have the authorities with the power to sanction violations and we have companies and institutions which are aware of these rules. The last element still missing may be that people need to understand their newly regained control over their private data. Because now they can say: Forget about me! And they should use their new rights.
When we look back in history will this be the point in time where the era of the digital Wild West ended?
We don't want digital businesses to harvest our data in unscrupulous ways. Because every individual, every person deserves that their data and their privacy are protected. Businesses will have to learn to live with that. So yes, the Wild West is over. We need to have new rules because the old rules date back to 1995, digitally speaking those were prehistoric times.
Thank you very much indeed.
Vera Jourova is the EU's Commissioner for Justice, Consumers and Gender Equality. The Czech politician and and lawyer has been part of the Juncker Commission since October 2014.