(WSJ) The European Union wants to take control of its own data, part of a broader effort to wrest digital influence from large companies in the U.S. and China.
The EU’s executive arm on Wednesday proposed new legislation aimed at creating an EU-wide data marketplace to facilitate sharing of industrial and government information—provided the data is protected according to European standards, under the eyes of the bloc’s regulators.
While Europe has long enforced strict rules around the use and export of European personal information, this would be the first time the bloc has attempted to do something similar for industrial and government data, too. It is part of what officials call a play for data sovereignty.
The data to be covered include public-administration information like healthcare records or census results. Industrial data is a booming field as more factories get wired to the internet, particularly through new 5G networks, and companies mine “big data” for insights and competitive advantage. Proprietary information like blueprints, patented processes and market research is increasingly the target of hacks and theft—and EU officials say companies and public administrations would share more data if they could be assured it would be protected.
One provision of the new law would force companies processing certain government information to shield it from certain types of foreign-government demands to turn it over. While data subject to the law could be exported overseas, companies would need to ensure they are processed with the same protections as required within Europe—and officials don’t rule out future regulations to limit some exports in certain sensitive sectors.
The EU’s General Data Protection Regulation, or GDPR, offers similar protection for personal data.
“The battlefield for industrial data is starting now,” Thierry Breton, European commissioner for the internal market, said of the proposal during an event this week. “While being an open continent, we are not naive,” he added.
The EU proposal is one among many new regulatory salvos aimed at the world’s biggest tech firms. In coming weeks the bloc’s executive arm aims to unveil proposed laws to boost social media companies’ responsibility for and transparency about content they host, to require big platforms to treat smaller companies fairly and to allow competition-enforcers to order changes to business practices more quickly than before.
Wednesday’s focus on data comes as countries world-wide are ramping up measures to take control of their residents’ and companies’ information, at times requiring that the data stay local. China has localization rules for some data. Recently, the U.S. has attempted to force the Chinese parent of video-sharing app TikTok to divest the company to prevent data on American users from being shared with China’s government—something TikTok says it would never allow.
Big U.S. tech companies and internet activists have often decried the trend toward data localization, arguing that could accelerate a slow fragmenting of the internet, which could mean different parts of the world have access to different services and information.
“Unfortunately, the internet is becoming very Balkanized,” said Christian Borggreen, vice president and head of the Brussels office at the Computer & Communications Industry Association, which represents a number of large technology companies. “If you believe in the idea of a singular internet, that is very unfortunate,” he said.
Even as more businesses put their data in the cloud, they have often kept much the information on local servers, particularly European businesses, lawyers and consultants say. That hasn’t stopped American tech firms from leading the cloud market in Europe, however. In the first half of 2020, Amazon.com Inc.’s Amazon Web Services had a 40% market share in Western Europe for the infrastructure and platform cloud markets, followed by Microsoft at 15% and Google at 7.2%, according to IDC.
Europe’s efforts to regulate data—and where it can go—have so far been limited mostly to enforcing privacy rights over personal information. Since the late 1990s, it has been generally illegal for companies to send personal information about EU residents to another part of the world that doesn’t offer essentially equivalent privacy protections to the EU.
But exceptions to those rules, such as special data-protection agreements and specialized contracts, have allowed personal data to flow from the EU. Now, following a July decision from the EU’s top court striking down one of those arrangements and casting doubt on another, such transfers are in jeopardy.
Ireland’s privacy regulator, which oversees Facebook Inc. because its EU headquarters are in Dublin, has told Facebook that it has started an investigation that could lead to its ordering the company to stop sending EU residents’ data to U.S. soil.
The EU proposal Wednesday would also create a system to accredit a new breed of data brokers to serve as intermediaries between data providers, including companies, government agencies and even individuals, and those who might crunch it. Those brokers wouldn’t be allowed to have side businesses that monetized the data they help share, and would be subject to EU regulators.
The law “will put those that generate the data in the driver’s seat, moving away from the practices of the big tech platforms,” the Commission’s Mr. Breton said Tuesday. “We are defining a European approach to data sharing.”
Source: Wall Street Journal by Sam Schechner
No comments: