The world is watching. On May 25, the General Data Protection Regulation will be fully applicable across all Member States and all organizations processing personal data of individuals in the EU will need to abide by these rules. The main drivers for creating a new privacy framework in Europe have been the harmonization and modernization of previous rules set by Directive 95/46, but only clear, forward-looking and predictable enforcement will make this piece of legislation successful.
The EU landmark reform of its data protection regime and the attention drawn by GDPR implementation requirements have confirmed how data became the fabric of our digital society, hence the crucial role of appropriate safeguards to protect citizens. Will GDPR provisions be flexible enough to adapt to upcoming technology developments? Innovation has to be pursued in parallel with data protection. GDPR reinforces individuals’ rights and lays down stricter obligations for processing of personal data, and, undoubtedly, it challenges industry in finding solutions to process datasets (e.g. to train algorithms for artificial intelligence) in ways that are innovative, but also ethical, secure and respectful of individuals’ privacy.
With citizens potentially affected by determinations increasingly made by automated technologies, additional emphasis on principles like fairness and transparency will be critical to build citizens’ trust in those new technologies. At the same time, a strict prohibition of solely automated decision-making – GDPR has a specific rule on this – might impinge on future developments of AI. Therefore, more focus is needed on risk-based accountability approaches by companies when designing and deploying autonomous solutions and on the availability of mechanisms for individuals to seek redress. Improving de-identification and encryption techniques is part of the responsible approach of organizations to minimize privacy and security risks in the future autonomous environment.
Companies have been working to translate GDPR rules into effective updates of solid internal practices and processes. Restrictive interpretations by regulators might stifle the capability of industry to advance artificial intelligence, autonomous driving, drones and blockchain, which have a tremendous potential to improve citizens’ lives and to help society in sectors like public health, agriculture, environment, transport and safety. As of Friday, European Data Protection Authorities and the European Data Protection Board are called to a critical task for the future of the EU: enforcing the rules while contributing to create a positive, harmonized and predictable regulatory environment for the growth of the EU Digital Single Market. We at Intel stand ready to support the implementation phase of the new privacy framework in Europe, by continuing our long-lasting dialogue with regulators on new technologies and on appropriate technical solutions for individuals’ privacy and security.
Best of luck, GDPR!