Prof. Ulrich Kelber is a Federal Commissioner for Data Protection and Freedom of Information in Germany. See the full speaker’s profile here.
From your point of view, what are the priority challenges for data protection in the years to come?
In the globally connected and increasingly digitized world, vast amounts of data are transferred and processed across borders on a daily basis in a highly dynamic technological environment. Thus, there is an ever increasing need for us to ensure that individuals’ privacy rights are protected. Laws, regulations and enforcement need to keep pace with the drastic technological developments on a global scale, both, in the private as well as in the public sector.
The increasing use of artificial intelligence and machine learning algorithms raises our concerns about the potential for automated decision-making to result in discriminatory outcomes. We will need to ensure that the use of these technologies is transparent, accountable, and fair, and that individuals are not subjected to decisions based solely on automated processing.
The GDPR already provides for significant fines for non-compliance. Together with our European colleagues, we need to make sure that companies are held accountable for non-compliance and that fines are effectively enforced, particularly against large multinational companies.
How important is international cooperation to address these challenges and ensure data protection and privacy?
Given the challenges as regards digitization in global business and trade, data protection is not a national concept anymore, but an international requirement. Cross-border cooperation between DPAs and other regulators is therefore essential to effectively supervise and enforce the law in an international environment and in globalised markets.
From an EU perspective, the promotion of convergence between different data protection regimes world-wide to foster future interoperability in order to achieve high standards of data protection globally is essential and a pre-requisite for important concepts like data free flow with trust (DFFT). Data protection and data security by technological means, including by privacy enhancing technologies, play an increasingly important role in this regard. International enforcement cooperation between DPAs and regulators from different fields, e.g. data protection and competition authorities, are crucial for cross-border data protection.
The importance of international cooperation between data protection authorities is reflected in the various fora where important work takes place, e.g. the GPA, the G7 DPA Roundtable or the Berlin Group (IWGDPT). International organizations like the OECD and the Council of Europe play an important role as well.
Do you observe fundamental changes and evolutions in the domain of personal data protection and its perception?
The GDPR has strengthened the rights of individuals with regard to their personal data and has placed greater obligations on organizations that collect and process personal data. This has led to increased awareness of personal data protection issues among individuals and organizations, and has also led to greater scrutiny of the practices of organizations by regulators. People rightly expect their data to be secure and user-friendliness. However, there is a need for more efforts with regard to the second point in particular.
Another notable change has been the increased focus on privacy by design and privacy-enhancing technologies. There is now greater recognition of the importance of building privacy considerations into the design of products and services from the outset, rather than attempting to retrofit privacy controls later. However, this thinking needs to resonate even more strongly with everyone. Too often, I still see that data protection is not considered from the outset and that the supposedly simpler solution is chosen instead.
Finally, there has been an increased recognition of the importance of international cooperation in the domain of personal data protection. As data flows across borders, it is important that there is a common understanding of data protection principles and standards among different countries and regions.
Why conferences such as the Privacy Symposium are important and how can they support data protection?
Conferences such as the Privacy Symposium are platforms to share information and best practice between international regulators and other stakeholders (businesses, academia, social society) and are therefore important fora for building common ground and mutual trust. They contribute to an international network of trusted partners to promote and enhance initiatives and instruments of co-operation.