Data protection laws aim to do the very necessary job of safeguarding consumers and individuals in a digital, connected world, but we cannot neglect the impact on the companies that must meet these requirements.
As the association representing IT decision makers in Belgium, Beltug’s positions are drawn from the real experiences and concerns of business users of IT and digital technology in private and public entities of all sizes, including banks, local governments, retailers, manufacturers, and much more. These topics are also shared within our international association, INTUG. The ‘business users’ directly bring to us their challenges, and data protection laws are a priority topic for them.
Among their concerns are the lack of harmonisation on an international scale, which puts an undue strain on companies’ resources. Very many companies operate in more than a single market, and thus face multiple regulatory regimes. This is by no means only on an intercontinental basis: even within the 27 countries of the European Union, with the General Data Protection Regulation as a common ground, rules vary by country. Yet it is each company’s responsibility to ensure that they comply with the different requirements.
This requires, among many other obligations, translating complex, lengthy legal texts into practical IT implementation. By their nature, legal texts leave room for interpretation, and can be tens of pages long: conversely, IT and digital technology should be perfectly precise and, ideally, concise. This adds additional complexity. Regulators must keep in mind that the regulations they are drafting will bind all companies: not just the Facebooks and Googles of the world.
At the same time, technology evolves at a much faster pace than legislation, which puts brakes on innovation and the adoption by companies of new technologies that will support them. To give a single example, Blockchain has provoked a vast amount of involvement and interest by companies, opening exciting new possibilities. But Blockchain is not compatible with current data protection laws. So companies are hesitant to take advantage of the benefits it can bring. And we all suffer from this drag on innovation and growth: companies, individuals, national economies, international trade…
This disparity of development also creates a lack of clarity for businesses. One of the key questions they need answered: in a smart data-driven economy, or in ecosystems exploiting IoT, who owns the data? Who can commercialise the data? And how can we make sure the data is well-protected?
These are only a few examples to highlight how important it is to consider business users when drafting regulations that will impact them. The legislation must not only protect the privacy and rights of the individual, but simultaneously support and uplift the businesses that are critical to a strong economy. I look forward to exploring the options with a cross-sector panel of stakeholders in the Strengthening collaboration in data protection session at ITU Telecom World 2018 in Durban.