Data and privacy rears its head at DLD

It’s only day one of DLD, the annual TED-like conference in Munich thrown by German media giant Burda, and already we have a few misunderstandings brewing. Amid the furore surrounding the SOPA protests and lobbying form media companies, at the other end of the debate-spectrum, the European Commission, in the shape of EC vice-president Viviane Reding, has been looking at harmonising privacy and personal data in Europe.

Reding is looking at bringing in rules which would require European governments to enact privacy by default in online networks, European standards for storage of data (i.e. very high and very private), the ‘right to be forgotten’, and transparency in how data is used. That first point might sound like the death-knell of home-grown European online social startups, though one would hope it wouldn’t enacted quite so literally. We shall see.

More encouragingly, she said: “In Europe, we have too many rules, too many conflicting rules,” and outlined how the European Commission would prefer it if these rules were harmonised between European governments. This of course is a doubled-edged sword for tech startups. On the one hand, some jurisdictions in fragmented Europe are ‘freer’ than others, enabling a sort of competitive advantage. On the other, if everyone was playing by the same rules, technology companies could compete on merit.

There are are least 27 separate kinds of regulations governing privacy in the EU, which cost about 2.3 billion Euros a year to enforce. This is cash which European governments can ill afford to spend these days. So maybe it’s not a bad idea to merge these functions under one body?

I know for a fact Facebook has an almost impossible time in Germany compared to the UK when it comes with dealing with both federal government on privacy and – inexplicably – the regions governments of the german federal system who have a number of privacy commissioners who quite like to make a name for themselves now and again by starting the odd war (as happened recently).

As a result, Reding was today talking about personal data as if it was a sort of currency (a dangerous subject in Europe these days!) “Personal data is the currency of today’s digital market. And like any currency, it needs stability and trust,” Reding said.

This was enough to raise the hackles of commentator Jeff Jarvis who blogged his distaste for government’s meddling in people’s data. Well, yes Jeff, but the biggest breaches gently have been in the private sector (Sony Playstation network for instance) so maybe this isn’t such a bad idea?

Besides, Reding isn’t saying governments are perfect – she’s saying there is basically too much governance in Europe where privacy and data rules are concerned. Quite something for an EU commissioner to say in fact.

Jarvis also has something of a North American misunderstanding of terrorism problems in Europe. Reding wants a greater exchange of data among police authorities in the EU members to fight terrorism. Jarvis says this could be a threat to privacy, in practice, this is no different than Federal law enforcement, like the FBI, being able to track terrorist driving between US states. The problem for Europe is that not enough is happening on this front, and it’s borders are highly porous.

Reding is also arguing for companies to appoint data protection (privacy) officers. Here we can probably agree with Jarvis – this is over-kill. This is a compliance issue, and could probably be addressed with existing structures rather than a government-mandated “officer”.

The “right to be forgotten” and to “withdraw permission” from companies holding data on you is also on Reding’s agenda – though she stops short of sanctioning censorship of the media. Again, more North American misunderstandings from Jarvis. Try living under Stasi during the 1980s and then come and tell us that we don’t have a right for the state or companies to delete the data they hold on us… Indeed, TechCrunch’s Andrew Keen raised similar points in his later panel.

Europeans have deep memories about how data can be used for evil. Maybe their interpretations aren’t so bad after all.