Hanne Juncher is the Director of Security, Integrity and Rule of law at the Council of Europe. See the full speaker profile here.
From your point of view, what are the priority challenges for data protection & compliance in the years to come?
The priorities for the Council of Europe in the area of the protection of privacy and personal data is to ensure an appropriate protection of individuals in the digital age and to facilitate the creation of a free data transfer area among like-minded countries. These priorities are underpinned by high level principles enshrined also in the Council of Europe Convention for the protection of individuals with regard to automatic processing of personal data (“Convention 108”) which are very well known today by most privacy experts. Still, their implementation needs additional efforts. We have to face the fact that the implementation of even some of the high-level, general principles in the 55 parties to Convention 108, such as the right choice of the legal base for the data processing, purpose limitation or the exercise of data subject rights is facing difficulties, despite the fact that they impact millions of data subjects every day. Those high-level standards, some of them established 43 years ago, do not only require a compliant legal framework and state institutions but a whole ecosystem and an overall culture which work in favour of the protection of these human rights also in the current economic and geopolitical context. Looking at the political backsliding in some countries in Europe, and also globally, we observe that these are often the first rights to be curbed. In addition, due to the fast pace of change as regards the underlying processing techniques and technologies, and the massive deployment of technologies such as machine learning or AI, we need to find new, innovative ways for the implementation of the rules and principles enshrined in our instruments. However, our two primary objectives which remain unchanged: protection of individuals and free flow of data.
How important is international cooperation to address these challenges and ensure data protection and privacy?
It is key. History showed us that decisions that have global impacts can only be made in cooperation as fragmentation usually contributes to the lowering of standards. Without international cooperation there cannot be trust and confidence and data will not flow freely. Moreover, as the predominant business solution for storing personal data today is cloud services, which most of the time includes storing data in several if not multiple jurisdictions, international cooperation at policy, regulatory and enforcement level is clearly indispensable. We all benefit tremendously from these products and services, but standards should be the same and implementation of the existing legislation should be done in synergies, just as for civil aviation, financial services, media, etc., which also depend heavily on services that require the crossing of borders. If we live in a country where the data we publish on the internet are used for different purposes, where profiles are created on us without our knowledge, where machines are making decisions affecting our lives and future without us being asked, where there are no checks and balances on the processing of data by the state itself, where there is no public authority to turn to, or if there is it cannot act effectively, where the policy on human rights compliance is largely left to the service providers, then we cannot feel completely safe and we cannot benefit from these amazing technological evolutions at their fullest potential.
Do you observe fundamental changes and evolutions in the domain of personal data protection and its perception?
Yes. We see lot of improvements: more than two thirds of UN member states (approx. 156) have in place national data protection legislation, and the protection of personal data is on the agenda of every country, as well as international organisations. Several initiatives have been launched in recent years and some will be launched in the near future. We see those initiatives as an evolution and the manifestation of high-level awareness, as well as a testimony of very concrete engagement to act. The main foundations for the protection of this right have been established, legal frameworks exist, and now we see important efforts to bring them closer to each other, and to have a meaningful reflection as to what could be and should be the minimum acceptable standard for all. That is a huge difference compared to the previous state of play which we also knew very well that the protection of personal data is a very technical, almost niche area of law linked to the statistics known to and by few experts worldwide.
Why conferences such as the Privacy Symposium are important and how can they support data protection and compliance?
The protection of personal data is a specific mindset, or as we prefer to say, it is an approach. This approach implies integrating all considerations related to the protection of private life through the protection of personal data and in every process. It is not a one-time exercise but rather a complex set of measures, procedures, and practices that one needs to undertake and repeat for every operation. This is demanding but conferences presenting best practices, trends, developments, explaining changing legal frameworks, prospects for improvements, possibilities for networking and opportunities for cooperation can be invaluable if we are to succeed in this important task. As discussed above and as we see with the growth of this symposium even further this year, the level of interest and commitment continues to grow.
Would you have any advice or recommendation to share with data protection professionals and/or data subjects?
Yes. Don’t try to protect data, always protect individuals. In other words, see always the humans, the people behind numbers and figures. Even if within an algorithm it is hard to see with human eyes.