Experts warn that there is the need to clarify the international legal framework for the use and flow of data.
- The South EU Google Data Governance Chair has been introduced as a European forum for reflection on Data Governance.
- Giorgia Abeltino, Google: ‘This is one of our most important projects on a European scale’
- Wojciech Wiewiórowski, European Data Protection Supervisor stressed the need to ‘clarify’ data governance
On 24 June, the Chair on South EU Google Data Governance was introduced as an European forum for reflection on future challenges in terms of data regulations and data governance. It was chaired by José Luis Piñar, Lecturer at Universidad CEU San Pablo, whose Academic Council consists of the Lecturers: Maria da Graça Canto Moniz (Universidade Nova of Lisboa); Georgios Yannopoulos (National and Kapodistrian University of Athens) and Vincenzo Zeno-Zencovich (Università RomaTre).
During the first International Conference, a wide number of experts from the public sector and the academic world who work with data protection discussed data governance future and international data transfers.
European forum of reflection, debate and research
Director of Government and Public Policy Relations for the South of Europe at Google, Giorgia Abeltino, stressed that the Iniciative aims to go beyond the analysis of the impact of data governance. She affirmed that ‘Google is particularly engaged with the academic and research community work, so this new Chair is one of the most important projects at a European level. It could substantially contribute to shape the debate on data governance’.
The first edition of this International Conference was featured by Wojciech Wiewiórowski, European Data Protection Supervisor, who explained that monitoring is not only on the Politics side, but also on the Business and Civil Society sector, as well as a ‘scientific approach is needed’. However, he acknowledged that European initiatives include a high complexity for digital governance and that it must be ‘clarified’. He confirmed that the EU Works on several initiatives such as the Digital Services Act.
Regarding the Artificial Intelligence Act, he explained that, even though he’s got ‘doubts’ about the need of introducing a new legal frame, it is a ‘suplement’ that completes the European legislation. That’s the reason why Wiewiórowski specifyed that this new Chair could become a meeting point for solutions proposals in the research field; ‘an exercise for policy-making in specially complex cases’.
During the opening, Francisco Pereira Coutinho, Vice-dean of the Law School at Universidad Nova of Lisboa; Meletios - Athanasios C. Dimopoulos, Rector of the Athens University; and Rosa Visiedo, Rector of the Universidad CEU-San Pablo of Madrid; took part.
Round tables
The first round table was on the ‘future of the data governance and data regulation’. It was chaired by the Co-ordinator South EU Google Data Governance Chair José Luis Piñar, who stated that the concept of governance is wider than data governance, what ‘implies proactive responsibility, transparency and a narrow relationship between government and civil society’.
Maria da Graça Canto Moniz, Visiting Associate Lecturer at the Nova Law School and Associate Lecturer at Universidade Lusófona of Lisboa, focused her speech on the problems raised by the General Data Protection Regulation and the Data Governance Act (DGA).
However, she aims to ‘promote data availability to gain trust on data’. By reinforcing data exchange mechanisms all over the EU. However, there are obstacles to regulate both personal data and non-personal data under the same regulation, open data and the use of information in the public sector.
This way, Canto Moniz specified that, among the definitions that should be tackled or clarified, are those that are identified by DGA, as ‘data holder’, ‘sharing service provider’, ‘user’ or ‘data altruism’. Since it is far from clear how these concepts can be used in the data protection field. The same thing happens with those concepts related to personal and non-personal data usage and mixed data. As the Lecturer said: ‘the lack of coherence in the Regulation leads consequences such as the ‘legal insecurity’, what would weaken the protection that the GDPR aims to guarantee’.
On the other hand, the Associate Lecturer on IT law and Computer law and Director of the Law and IT Lab of the University of Athens, Georgios Yannopoulos, raised the question about what would happen with certifications in case that les regulation meant more trust on companies; or, in the contrary, who would impose an ‘excess of regulation’: how many authorities are needed for its control, why data or why a law-maker for law-makers is needed.
Nevertheless, he acknowledged that many of those questions did not have an answer yet. He relied on the idea that of these being indicators of how researchers will find the answers or guidelines for legislation regulations interconnections.
The last participant of the table, the Chaired Lecturer of Comparative Law at Universidad de RomaTre Vicenzo Zeno-Zencovich, considered that the EU has an ‘excess of authorities in charge of regulation’, with more than nine entities already present in different fields such as
telecommunications, data protection, media, consumers, competitiveness and cybersecurity. Some others such as ‘Data Innovation Board’ or Artficial Intelligence regulatory sandboxes are added to them. In relation to the second one, from his point of view, this could be applied to marketing, but not to legal matetrs’.
Both Yannopoulos and Zeno-Zencovich agreed on warning of an excess of regulation (hiper-regulation): ‘there cannot be a law-maker for every country’. This could generate ultimately a ‘data chaos’ caused by a conflict between regulation and law-makers, at a European level as well as an international level.
The second round table focused on ‘international personal data flows. Bojana Bellamy, President of Centre for Information Policy Leadership at Hunton Andrews Kurth highlighted that ‘data flows are critical o the economy, for society progress in the context of the 4th revolution in which we are inmerged’. After this pandemic, it is absolutely essential that we start being capable of sharing data for health protection’.
According to what Bellamy said, this issue causes confusion and affects all enterprises at a global level. It is one of the three main challenges on a commercial, strategic and compliance scale for enterprises that function internationally. Furthermore, he stated that the new standard contractual clauses provide judicial security but generate an important bureaucratic burden enterprises compliance.
Bellamy concluded that ‘market efforts are trying to control data location, data sovereignty and cloud services as a solution to some of their problems, but this is not what Europe is about.
On the other hand, Alex Greenstein, Director of Privacy Shield in the U.S. Department of Commerce, focused on the difficulty to cuantify risks and benefits caused by data flows. He analysed the USA and the EU in relation to this issue.
Greenstein stressed that this issue must be of ‘high priority’ for the US government, and since the first day of Biden Administration after he took office, it has been given an extremely high level of attention’.
In this respect, he explained that ‘the United States and Europe are closer that what could be expected’, since both share the same fundamental values and the respect for privacy. However, they have a different approach on the matter. Finally, he added that ‘even though the United States have a different legal system, we are committed to overcome these differences and focus on finding ways to work together on the issue’.
Ralf Sauer, from the International data flows and protection unit at the Directorate-General for Justice and Consumers of the European Commission, confirmed the European Commitment to data flows: ‘if there is a block that takes a chance on the fight against protectionism in terms of data, that’s the European Union. The Union has defined a very clear policy regarding this matter during its trade negotiations’, said.
According to Sauer, the European regulation on this issue aims to ‘guarantee equal conditions’ of all Parties, so that those who want to take part from the outside can play under the same rules than European actors. Furthermore, he pointed out the need to ‘guarantee that we are capable of using data in Europe and that we have the necessary infrastructure to manage and maintain data access’. This is not related to protectionism’, he settled.
To conclude his talk, Sauer highlighted the work that is being done on a OECD level and other international forums in order to achieve global principles on data access and governance.
At the closing, José Luis Piñar concluded that ‘it is necessary to clarify the legal framework on data use and flow at an international level and to find solutions to end the current situation regarding hyper-regulation’.