European Commission Calls on U.S. to Strengthen Data Protection Laws
EU Justice Commissioner Věra Jourová called on the U.S. to adopt more “robust and reliable” data protection legislation in the wake of the Cambridge Analytica scandal.
It was revealed last week that the British-based data firm, which was employed by President Trump’s team during the 2016 election campaign, harvested 50 million U.S. Facebook accounts without user permission and exploited the information to influence voter patterns.
“Horrifying, if confirmed,” Jourová tweeted after the story broke on March 17th, “Personal data of 50 mln #Facebook users could be so easily mishandled & used for political purpose. We don't want this in the EU.”
Jourová responsibilities as the European Commissioner of Justice, Consumers and Gender Equality include “ensuring the swift adoption of the EU data protection reform” and “concluding negotiations with the United States on a data protection agreement to protect the privacy of EU citizens wherever they live”.
Jourová told the BBC: "We see in the U.S. that the data protection is weaker there. We would like to see more robust and reliable legislation on the American side."
Jourová also directly blamed Facebook, stating: "In this concrete case, I think that we cannot blame the people, they have been victims of this behaviour and we have to regain trust as soon as possible, but it's not on us, on the legislators, but it's on the companies, Facebook first of all."
When asked about her thoughts on Mark Zuckerburg’s response to the data breach, Jourová said that she understood his effort “to explain and to regain the trust,” but that it will take “a much longer time” to fully recover from this scandal.
The Commissioner went on: "What we want from Facebook is to obey and to respect the European laws.
"The second thing we want them to do is many, many things under the principle of social responsibility and this is where I need to trust Facebook more, that they are going to continue, for instance, deleting hate speech from their networks."
Jourová no longer has a Facebook account herself, describing it as an "open space" for hatred.
Approaches to data protection vary significantly between the EU and the U.S.
Come May 2018, the EU and UK will be replacing their current scheme, the EU Data Protection Directive 95/46/EC, with the General Data Protection Regulation (GDPR), which will be much larger in scope. Any data breaches will have to be reported with 72 hours. One criticism of Facebook was that it failed to disclose anything about the Cambridge Analytica incident, despite learning about it in 2015.
The GDPR will also be far stricter when it comes to penalties, fining companies in breach of its rules up to €20 million ($24.7 million) or 4 percent of their annual income, depending on which is greater. These rules will apply not only to companies within the EU and UK, but any that are in possession of the personal information of European citizens.
In the U.S., data protection legislation is not folded into one blanket scheme. Instead, rules vary depending on the category of personal information being collected, and different states will have different versions of data protection laws. In addition, the U.S. has entirely separate legislation when it comes to the data of any person under the age of 13.
During her interview with the BBC, Jourová made it clear that she did not believe U.S. data laws were stringent enough. The Commissioner has urged the U.S. to adopt “something comparable” to the GDPR.
Jourová believes this Cambridge Analytica breach may be exactly the “wake up call” the U.S. needs now that "the tiger is out of the cage.”