28th of January 2021 is the 15th year that we celebrate Data Protection Day. The Committee of Ministers of the Council of Europe on 26 of April 2006 decided to launch a Data Protection Day to raise awareness about data protection issues that affect everyone’s daily lives.
In the framework of the DataporEU Jean Monnet Module that NOVA School of Law was awarded, and in order to celebrate this day, the Observatory for Data Protection asked several renowned academics and professionals of this area to provide a brief comment on their views about the future of data protection on issues including but not only: the challenges ahead or challenges from the past that no longer exist; trends that they have seen happening from a legal or social perspective.
We are very happy to share with you their insights below:
Member of the Board, European Academy for Freedom of Information and Data Protection (EAID), Berlin/Germany
“In the new decade, data protection will not only be a task measured by new technologies but above all by cross-border data flows. Global data traffic does not stop at national borders, but regulation does. The failed Privacy Shield in particular has shown that it is becoming increasingly difficult to control data flows in a global context. Not only new political, but also legal solutions will have to be developed here. We still have a long and arduous road ahead of us.“
Legislative Policy Consultant and Data Protection Officer | Portuguese Ministry of Justice
President | APDPO – Portugal
Researcher | Cedis, NOVA School of Law
“The fundamental right to the protection of personal data has increased in importance, not only because we are moving to the digital world, but also because the pandemic has emphasized the need to protect privacy, especially in times of exception. In Portugal, the biggest challenge, in my point of view, is to empower our supervisory authority with the capacity to raise awareness among citizens about their rights and monitoring compliance by the organizations. And to impose fines!”
Sebastiao Barros Vale
Privacy Specialist Portugal Johnson & Johnson
“It is no secret that personal data is the raw material of our time’s social engineering strategies, fueled by powerful big data analytics. Regulators and activists from other fields of law – such as anti-discrimination, competition and consumer law – are increasingly looking to data protection rules for inspiration for their respective enforcement and action. This is particularly true with regards to how large online platforms conduct their business and shape how their users see the world around them.
Therefore, it has never been this important to ensure data protection experts establish effective dialogue outside of their bubble and help apply our field’s key concepts in more complex scenarios. In 2021, let us climb down from our own “ivory towers” and contribute to a fairer connected society, where data protection is seen as a highly regarded fundamental right and, if done right, an enabler of trust and progress.”
Augusto Cesar Torbay
Data Protection Officer
Autoridade Nacional de Segurança Rodoviária
“The current technological landscape makes it undeniable that artificial intelligence is taking a prominent role in the most diverse areas of activity, and the public sector is no exception. Indeed, the increasing volume and complexity of the data processed by public institutions require the development of efficient and innovative solutions that may, in essence, be able to improve the quality and effectiveness of public services.
While the adoption of emerging technologies does not contradict the ideals of privacy and data protection, considering the technological ambivalence of the current European legal framework, the modernization of public administration will require a conscious effort on the part of institutions to create the necessary conditions to ensure that the implementation of this technologies is carried out sustainably and compliant with the principles of privacy and data protection.
In particular, the management of the risks inherent to these systems will require a proactive attitude from organizations, as well as a special focus in the fight against digital illiteracy, seeking to strengthen the inclusive nature of the digital transformation of public services.”
Rodrigo Adão da Fonseca
CEO @ FUTURA – Law & Tech
“Since its commencement, the GDPR has managed to put cybersecurity, privacy, and data protection on the agenda of organizations, in a quite successful way. However, there’s still a long way to go until a good part of the diploma’s aspirations become effective: we need a better understanding of the law and its principles, and also, effective investment by companies and organizations, putting more money and especially, attention, where their mouth is. GDPR compliance is like a fitness program, and most companies are still at a very early stage. There’s still a lot to work on until we’re all in shape!”
Joao Filipe Monteiro Marques
“I have nothing to show”, this should be the premise of our lives in a time where it has become increasingly difficult to ensure a minimum of self-isolation from the relentless data miners (or should we say data drillers) of today.
Acronyms and initials such as IOT, AI or 5G tend to shorten the expanding dangers that our right to privacy and data protection face, creating an environment of false simplicity and safety where convenience and immediacy take precedence to proportionality and common sense. On this day, as we celebrate the seldom remembered liberty of being, my hope is that the gregarious world we live in, made up of peoples, social networks and nations, begins to duly appreciate the individual freedom that assures its prosperity and continuous evolution.”
Pedro Santos Azevedo
Associate Researcher at the Public Law Research Centre of the Lisbon University Faculty of Law
PhD student in Public Law at the Lisbon University Faculty of Law
“We have come, in the past years, from a time where data protection was somehow neglected by law, to a time where it became central in all aspects of it, finally acting accordingly with the importance reality demanded it to have. I believe our new challenges regard the balancing, and the correct way to do it, with all other branches of law, which naturally underly and represent different economic and social contexts.
While keeping the bar high in privacy requirements, we need to, on the one hand, understand and evolve in order to form a harmonic and uniform legal system, in which we have less contrary norms (v.g., some stating to act in a way that can breach privacy, others saying that privacy must not be breached), and therefore less normative conflicts; on the other hand, and having in mind that those conflicts will slowly fade, but new ones will appear, because the tension between data protection and other activities will always exist, we must embrace and be aware of the fact that balancing will always be required, which can only be done by a transversal approach to data protection law and, naturally, searching for the best ways (and teaching others how to do it) to find the Pareto Optimal for these matters having all the legal system in consideration.”
José Pedro Paiva
LLM Candidate in Law and Technology at Tilburg University
“It is not easy to pinpoint the exact moment in history when humanity started considering privacy and personal data as worthy of protection. However, we can certainly go as far as Aristotle to spot the awareness of a clear distinction between the public realm (polis) and what should be kept in the private sphere (oikos).
Throughout history, we have understood the importance of this distinction, and the private sphere became a space for developing our personality, autonomy, and, ultimately, our dignity. Perhaps to that account, this conception has evolved and spread in various forms of regulation aiming to award different types of protection to what we deem to be private.
Nonetheless, in the age of big data, the internet of things, and countless other open doors to our private lives, it is undoubtedly naive to consider this discussion to be over. Few rights are certainly absolute, and even Aristotle acknowledged the superior weight of the public sphere; however, it is comforting to believe that we are still allowed to ask ourselves to what extent we want to invite the polis into our identity. I surely do.”
Senior Lecturer in Law, Keele University, UK.
“If we are to seriously consider the future of EU data protection law, this should be reconstructed to pursue substantive equality goals. A new normative orientation for data protection is needed that will be guided by methods which bring forward neglected perspectives and narratives and ensure data protection’s inclusivity and diversity. Only if EU data protection law is attentive to the inequalities that the most vulnerable face, it can remain relevant in the future. It is up to EU data privacy scholars to take the lead in this direction.“
Gonçalo Martins Ribeiro
Co-Founder & CEO
“Over the years, data protection is getting more attention, especially when it comes to digital data protection. As companies become more data-driven, new measures should be taken to ensure that data is handled, processed and stored properly, as it is more important than ever to ensure everyone’s privacy.”
Legal officer at the Data Protection Authority of Malta
“With regards to the future of data protection, although we are heading towards the third year of GDPR enforcement, much work has already been done. Both at Member State level and at EU level. So I have an optimistic outlook on the continuity of the good work done by the Supervisory Authorities and the Board.
As for other stakeholders, I hopefully expect that some data protection principles will indeed be observed, e.g. the practical application of the principle of data protection by design since the beginning of the development of products. Furthermore, my expectation is that most controllers understand such topic’s relevance and put all efforts to comply with data protection rights, not improvising organisational measures, but really implementing in a manner fully compliant with the requirements of the GDPR.
Learning from the previous cases and awareness-raising activities must be the way forward towards the future of data protection.”
Portuguese Securities Market Commission
“I would like to start by saying that data protection and privacy makes me a very proud European citizen. To have 28 countries discussing and reaching a consensus about a data protection legal framework that is a reference all over the world is a great reason to believe in the European project. Even though, let us not forget that the European project is a project that is in crisis (especially with Brexit), but achievements like the GDPR make us believe that, if Europe is a place where the fundamental rights of all citizens and the protection of the most deprived prevails, all Europeans share a common ground that can help the world in all fields.
Data protection is a great example and my wish is that it stays on the good path and be increasingly accompanied by other fundamental rights, such as the freedom of expression and information, in a challenging digital era. In this era, it is important to recall and reinforce the main principles of society and our acquired rights to giant platforms is of extreme importance if we want to aim for a freer and more just society. It is our duty not to remain silent and to continue to value our data protection and privacy.”
Disclaimer: “The European Commission support for the production of this publication does not constitute an endorsement of the contents which reflects the views only of the authors, and the Commission cannot be held responsible for any use which may be made of the information contained therein.”