As the Maltese presidency is coming to an end, those of us in the tech policy Brussels bubble spent two days in the beautiful city of La Valetta to attend the Digital Assembly, organised by the EU Commission. The timing for the event coincided with the end of roaming fees in Europe which the Commission made sure nobody forgot for a second. There were stickers, speeches, tweets, presentations, posters, videos, and even fireworks.
Left: Fireworks, Right: Our emotions
In all seriousness, we are thrilled that the EU is ending roaming charges, first for phone calls and then for data usage, over the next few years. This would have never happened without the work of the Body of European Consumer Organisation (BEUC) and its members. Thank you!
At Digital Assembly, all the hot topics in “digital” were up for discussion, from copyright to e-Privacy, Internet of Things (IoT) to data economy, cyber security to artificial intelligence. For each issue, the EU Commission invited experts from industry, academia, and government. As for civil society, participation was limited to our colleagues from BEUC, who were invited to speak at one session. This means that out of 12 workshop sessions, civil society was only represented in one discussion. The Commission can and should do better to ensure civil society participation and users’ representation. Since civil society is being left out of conversations, doing what is in the public interest was only a rare talking point throughout the event. These discussions turned into an industry lobbyist’s paradise.
ePrivacy reform: Is your business model sustainable?
One of the first discussions of the Digital Assembly focused on the ongoing ePrivacy reform, launched by MEP Marju Lauristin, rapporteur for the file. She presented her draft report, which strengthens rules on privacy by design and bolsters the safeguards against tracking. The presentations by Telefónica and Apple that followed shed light on the differences in position that exist within the industry between companies whose business model is based on harvesting personal data and those that put measures in place to limit such collection. For companies like Telefónica, “privacy must be balanced with social benefits” and companies must do more to explain the value of the data economy to users. Telefónica seems to have missed the memo (a.k.a. the EU Charter of Fundamental Rights) explaining that privacy is a fundamental right and is in itself a social benefit. The company also thinks that if only 3% of people are satisfied with how their data is used, it is because the other 97% don’t understand it, and not because they are not OK with the data harvesting practices.
Companies like Apple, on the contrary, are supportive of the ePrivacy Regulation, and are already offering several tools to give people better control of their personal information and limit data collection. This reflects a new trend of companies offering services that put users’ privacy at the center of their innovation, making a conscious choice to develop products that will safeguard their rights, not only to meet legal requirements but also to use privacy as a competitive advantage. This does not necessarily mean that these companies are perfect, nor compliant with other societal obligations, but it does show that innovation and privacy can go hand in hand.
Free flow of everything
Enabling the free flow of data, preventing data localisation, and developing a data culture were the three key topics at the core of the data economy discussions. Similarly to the ePrivacy discussion, lobbyists explained to lawmakers that people do not understand the value and benefits of the data-driven economy. Once again, the possibility that we would prefer a different type of economy based on privacy-friendly innovation was not discussed. Unfortunately for the industry, fundamental rights are not optional and it might be time to re-think their business models.
Commissioner Andrus Ansip summed up the situation perfectly when he said that “certain companies have issues changing their business model even if it is unsustainable”. While the Commissioner was referring to the behaviour of the publishing industry in the copyright debate, this quote is perfectly applicable to companies like Telefónica, Facebook, Google, and others, which appear to see innovation as possible only when the goal is to collect more data, not when developing a privacy-friendly economy. Betting against users’ human rights is unlikely to be a sustainable business decision in the long run.
Next to “roaming” and the “free flow” of data, “cyber” was definitely among the most popular catchphrases at the Digital Assembly. In our attempt to clarify the scope of what cyber was supposed to mean during the discussions, we’ll focus on the IoT security workshop. After one and a half days of more optics than substance, it was a refreshing change of pace to listen to an informed debate rather than rehashed political talking points.
All panelists agreed that the responsibility for ensuring the digital security of connected devices is not on the user, with which we wholeheartedly concur. The takeaway was that we should demand better products than the ones currently on the market. When we buy a smart fridge our expectation is and should be that it is secure and will not be compromised. This is not an additional feature for which we should pay even a cent more. Speakers fleshed out the advantages and concerns regarding standards and certifications (and the inadequacy of self-certification in particular), and the question of liability. There was a good reminder from Jaya Baloo (KPN) that the biggest data breaches in recent times happened to companies that were compliant with the most prevalent certification.
The key message from the workshop for us, and from the entire event for that matter, is that both the EU and industry face the same challenge: they do not have our trust. Only protecting our fundamental rights will increase trust, and it will benefit the IoT market and the economy as a whole. Without addressing this central issue, the digital single market will remain a fantasy, and a patchwork of half-baked solutions won’t make it work. We need the appropriate safeguards for our rights.
Next steps and recommendations
As everything in our daily life and society is becoming “digital”, the annual Digital Assembly is an increasingly relevant event. The issues discussed are central to the delivery of a fully functioning digital single market. The policies enabling the digital single market must be based on facts, must respect EU treaties, and must deliver benefits for users and businesses. This will not happen, however, if only one part of the single market is represented. We hope that the upcoming Estonian and Bulgarian presidency and the Commission will organise engaging events where civil society can participate in a meaningful way. We look forward to future events to defend the digital rights of users at risk around the world.