2020 et au-delà

2020 and beyond

Legal Watch – December 2019.

It's a new year, but also a new decade, with its challenges, constraints and promises.

To better address these issues, let's take a brief look back at 2019.

More than a year after the GDPR came into force, an initial assessment of the Regulation's implementation is already possible.

The European supervisory authorities have taken on their new powers and imposed their first sanctions.

They have also established cooperation to address cross-border complaints.

The following observations can be noted:

  • The authorities have GAFAM in their sights as much as smaller structures.

This is evidenced, for example, by the fines imposed by the CNIL on Google amounting to fifty million euros and by the Berlin authority on the real estate company Deutsche Wohnen amounting to 14.5 million euros.

At the same time, hospitals, schools, telecommunications companies, as well as associations and public entities, are being fined for smaller amounts, often due to breaches of security obligations, disproportionate use of facial recognition, but also for illegal use of cookies, as recently in Belgium.

  • Difficulties arise, however, when an authority is faced with a significant geographical concentration of businesses.

The procedural delays in Ireland concerning complaints against Facebook and WhatsApp are thus beginning to cause diplomatic turmoil in the community of supervisory authorities.

Despite these difficulties, we are seeing increasing compliance and a gradual clarification of the legal framework.

Recent rulings by the European Court of Justice concerning online data collection, the concept of co-responsibility and the right to be forgotten have contributed to this clarification.

  • Beyond the European context, data protection and privacy are becoming a global issue.

In the United States, the Federal Trade Commission is not far behind with a record fine (settlement order) of five billion dollars against Facebook.

The California Consumer Privacy Act, which came into effect in early 2020, also becomes a legal framework for businesses operating in California.

While China is developing a dystopia that establishes widespread surveillance of its population, data protection laws are being adopted in Asia and Africa, particularly in India, Togo, and Kenya.

2019 saw the emergence of major concerns that will develop in the coming years.

  • Online data collection through cookies is one of the main topics of debate.

Even though the European "ePrivacy" directive project, from which much (too much?) was expected, has been stalled, pending a new proposal from the European Commission, the rules governing the use of cookies and the operation of ad techs in general should be clarified. 

With the aim of providing freer and more specific consent from the Internet user to the processing of their data.

  • Artificial intelligence is, finally, a major issue for the coming years.

Linked to facial recognition and biometrics more generally, it constitutes both an opportunity and a challenge for our democratic societies.

It is not without reason that it features prominently in the programme of the new European Commission, and that the CNIL has opened a public debate on the subject.

European initiatives on the subject have been listed by the European Agency for Fundamental Rights.

Artificial intelligence is also the theme of the next international conference (CPDP) which will take place in Brussels from January 22 to 24.

These considerations lead us to questions that go beyond the legal framework to address the ethical aspects of the use of new technologies.

Beyond the law, it is human dignity that is at stake, as our democracies are assailed by information that is increasingly difficult to verify.

The scandals linked to the manipulation of voter information in the United States and Great Britain raise questions about our future societal choices, in a fragile political, economic and environmental context.

A global vision seems increasingly necessary to approach future decades beyond 2020.

This is an exercise carried out by the European Data Protection Supervisor, Giovanni Buttarelli, who died prematurely in 2019.

His thoughts were recently made public in the form of a manifesto, "2030: A New Vision for Europe," which concludes with a ten-point action plan for sustainable privacy.

The links he forges between data protection, democracy and human dignity in a context of profound environmental and social changes are a true source of inspiration.

Enough to sharpen our critical thinking and our imagination at the start of this year, which we hope will be as beautiful as possible.

Anne Christine Lacoste

 

Excerpt from Bruno DUMAY's book: GDPR DECRYPTION – For Managers, Strategic Departments and employees of companies and organizations – Preface by Gaëlle MONTEILLER

Discover Viqtor®
en_USEN
fr_FRFR de_DE_formalDE es_ESES elEL it_ITIT hrHR pt_PTPT nl_NL_formalNL de_ATDE_AT etET fiFI lvLV lt_LTLT sk_SKSK sl_SISL en_USEN