With massive data breaches galvanizing media and public attention, individuals and governments are scrambling to ensure the privacy and security of online information.

The European Commission, Council and Parliament are now in the final round of negotiations on a new regulation, which aims to harmonize and modernize Europe’s current data protection regime.

IBM supports this effort to protect the privacy of Europe’s citizens, and urges European Union leaders to:

• Extend Safe Harbor – recognizing of course the need to ensure adequate privacy protections, policymakers in the E.U. and U.S. should preserve the world’s most mutually-beneficial digital trading relationship, resist calls to erect barriers to Trans-Atlantic data flows, and renew the Safe Harbor Program. Over 60% of Safe Harbor certified organizations are small and medium enterprises. These entities are recognized the world over as drivers of economic growth and job creation. Now is not time to abandon a program that has fostered data-driven prosperity and strengthened the long-standing partnership between America and Europe.

• Focus on Risk and Intent – Europe’s regulatory framework should embrace a risk-based approach to data processing and analytics, focusing on the protection of high-risk, sensitive personal data. This will encourage a cultural awareness of data protection. By contrast, an overly burdensome regulatory treatment of low-risk data categories would be a major disincentive for companies to provide innovative data-related services in Europe. It also would be a distraction from the consequential, forcing companies to spread their limited resources too thinly and making them vulnerable to harmful data breaches.

• Sanction Harmful Practices, Not Technology – responsible profiling, or the ability to process data to extract actionable insights, is absolutely essential to the data economy. Regulation should focus on protecting data subjects from fraudulent and blatant misuse of personal data and ensuring that data controllers can be held accountable.

• Be Mindful of Modern Data Relationships – companies that process data may not necessarily have ownership of that data. In the age of cloud computing and advanced analytics, businesses often engage companies like IBM to help them extract insights and value from huge libraries of data, but ownership of that information remains in the hands of the client. Today, well-functioning liability arrangements govern relationships between data owners and data processors. The data protection regulation should avoid disrupting those arrangements so as not to bar access to data services that can help European businesses compete.

###

Share this post: