Will the death of Privacy Shield be the awakening of European tech?

Ever since Snowden revealed the extent to which US intelligence agencies can so easily access our data, people have become mistrustful of US companies. A survey by GMX last year, for example, revealed that 73% of British internet users mistrust US companies over data protection concerns, which is more than double that of a similar survey in 2015 which showed that only 35% had such concerns. 8% of UK internet users have even left a US online service due to privacy concerns within the last twelve months, while 11% are planning to do so. By Jan Oetjen, CEO GMX.

The death of Privacy Shield

In July 2020, the European Court of Justice (ECJ) ruled to overturn Privacy Shield, one of the most widely used mechanisms to allow US commercial companies to transfer and store personal data from the EU in the US. The heart of the problem with Privacy Shield was always the fact that the General Data Protection Regulation (GDPR) in the EU stipulates that the data of European citizens must be protected regardless of its location and prohibits European firms from transferring personal data to overseas jurisdictions with weaker privacy laws. That is exactly what Privacy Shield failed to do, hence why the highest European Court ruled it illegal.

Europe has an opportunity to catch up due to its world-leading privacy standards

The EU and US will never be able to reach an agreement when their data privacy standards are so far apart. Instead of trying to find common ground by diluting the GDPR, Europe should use its data privacy leadership to its advantage in order to grow its tech industry and promote better standards around the world. The global digital industry is currently dominated by US, and increasingly, Far Eastern companies. It is players like Google, Facebook, Amazon, Apple, Alibaba, and TikTok that set the tone for global technology and data protection standards. Europe must become a relevant technology player before it can be the bearer of better standards for the world. But it has a lot of catching up to do.

As a first step, Europe must make a level playing field. As the digital infrastructure is in the hands of dominant US players, Europe has to make sure that components like operating systems, app stores, browsers, etc. are acting hundred percent neutrally and not abusing their position by pre-installing their own services, charging fees and setting their own rules of play. As the attempts to regulate players like Google took a long time, and besides a couple of billion Euro fines, did not have any effect on the market, Europe urgently needs a legal basis to secure access to digital platforms, especially those that have infrastructural character. This is of particular importance for the UK, as after its transition out of the EU it will rely heavily on its service and knowledge based economy to stand up against the global competition. Such level playing field will be vital to allow its strong tech start-up community to flourish and break through to meaningful levels.

As that alone does not create European alternatives, the question is how one could build relevant competition. This will only be achieved by pushing open standards to generate synergies within and across industries, and investing heavily to build up competitors that differentiate themselves in the European B2C and B2B markets by keeping European data in Europe.

Time to get moving

Europe’s digital companies will need to work fast to agree on the necessary open standards to foster competition. At the same time, politicians will need to act just as quickly to ensure these new legal frameworks are presented as a viable alternative to those dictated by US and in the future Chinese companies. While acting outside of the EU, as a GDPR signatory even post-Brexit, the UK will benefit from working with its EU neighbours on the same goals. It has proven to be possibly the most stringent enforcer of fines for breaches in data protection. The UK’s clear commitment to the principles of consumer protection and empowerment, and the willingness not to just introduce standards but also to apply them is perhaps one of the most promising areas of common interest between the EU and the UK. Only by investing in Europe’s own digital industry and promoting open standards would European digital companies have a chance. Come on Europe, it is time to get moving.

By James Preston, Security Architect for ANSecurity.
By Tod Beardsley, research director, Rapid7.
It’s undeniable that cybercrime is quickly becoming one of the biggest threats to businesses today....
By Richard Hutchings, CTO at Littlefish.
For a long time many have thought of identity security as a necessary burden. All those passwords, a...
At a recent forum of senior CTOs, CISOs and analysts, several participants expressed a dislike for t...
Turning privacy and governance into competitive advantage. By Joe Gaska, Founder and CEO of GRAX.
By Peter Carlisle, Vice President, nCipher Security.