When Europe unveiled proposals last year to toughen up data protection rules, they were hailed as an important advance in rights to privacy. Now Brussels is weighing whether to adapt some aspects of the draft regulations in response to concerns over the impact on business. But any changes should not sacrifice the fundamental principle that individuals are the ultimate owners of their own personal data.
Reform of Europe’s data protection laws is long overdue. The current regulations date back to 1995, long before the world became web wired. Important questions have to be addressed as a result of technological advances that allow users to be tracked throughout cyberspace and their data to be mined for profitable purposes.
It makes sense to have harmonised regulations in a sector where borders are irrelevant. But any new rules should be reasonable and enforceable. In this context, it is right for Brussels to consider reviewing aspects that might conflict with a member state’s own laws, such as regards data storage, which also aim to protect consumers. It is also legitimate to worry that overly costly and restrictive rules might quash the competitiveness of Europe’s digital companies.