E.U. Leaders Seek Way to Protect Individuals’ Data
|
Version 0 of 1. LONDON — Some European politicians want to keep Internet data closer to home. On Wednesday, Chancellor Angela Merkel of Germany will meet with President François Hollande of France to discuss plans to create telecommunications networks that keep individuals’ data inside European Union borders. The proposals could limit how companies like Google and Facebook share data between their operations in Europe and the United States. They also form part of a growing debate here over how consumers’ online information should be used by technology companies and government agencies. Many European policy makers, particularly in France and Germany, want to beef up data oversight in the wake of the revelations by the former National Security Agency analyst Edward J. Snowden about the surveillance activities of the United States and its allies in Europe. Yet analysts say any effort to keep European data solely within continental borders could prove difficult to put into effect because of how the Internet’s infrastructure is designed. Internet traffic like emails routinely crosses national borders, and changes to data infrastructure like servers could take years to carry out and may cost billions of dollars. Much also will depend on new data and privacy rules that are currently being debated by European officials, and how large American tech companies respond to European fears that individuals’ data has been misused. “It’s not possible to keep all European data inside the European Union,” said Mark Little, a technology analyst at the research firm Ovum in London. “It’s a very political idea. European politicians are responding to concerns about citizens’ data being held in the U.S.” The meeting between the German and French leaders Wednesday comes after Ms. Merkel stated that European data should be secured within local borders to avoid being seen or collected by American companies and government agencies. “We will, above all, discuss which European providers we have who offer security for our citizens,” Ms. Merkel said in her weekly podcast on Saturday, without providing specifics about the proposals to be discussed with Mr. Hollande. “So that you don’t have to go across the Atlantic with emails and other things, but can build up communications networks also within Europe.” In an effort to give people more control over how their personal information is used, Viviane Reding, the European Union’s justice commissioner, has spent more than two years shepherding new data regulations and privacy laws through the European Union’s labyrinthine bureaucracy. The proposals include giving Europeans the right to have their online information erased and providing individuals greater control over what data is collected and where it is kept. International companies with European customers would also have to comply with the strengthened controls or face fines totaling 2 percent to 5 percent of global revenues, or $138 million, whichever is greater. The rules, which are expected to become law next year, would allow companies to operate throughout the Continent if they fulfill the requirements outlined by an individual country’s privacy regulator. Currently, companies must comply with regulators in each of the 28 countries of the European Union. “Data protection has become a personal crusade for Reding,” said Patrick Van Eecke, a Brussels-based data protection lawyer at DLA Piper, adding that European parliamentary elections in May could slow down the process. As European officials push forward with these new data rules, analysts say any efforts to create email and other online services for just the European market could prove unwieldy. The Internet’s infrastructure, for example, relies on data moving across international borders. That structure would be difficult and costly to change, and could be almost impossible to police to meet European policy makers’ demands. Many local tech companies also use so-called cloud computing services that run on servers located across the globe. Any changes would require large investments to expand Europe’s own tech infrastructure. That may lead to higher prices for individuals as tech companies pass on the costs to customers. “You can’t create something out of thin air,” said Sylvain Fabre, a research director at the technology consultancy Gartner in London. “To build new network infrastructure from scratch is not going to be cost effective.” Despite the difficulties, some European tech companies are forging ahead. The Norwegian email service Runbox, which does not rely on servers in the United States, says it has seen a 34 percent annual rise in customers to 14,000 by the middle of February in the wake of the N.S.A. scandal. The company and local competitors have marketed themselves as a safe alternative to American email services that have been caught up in the recent privacy scandals. Deutsche Telekom introduced an Internet service for German customers last year that encrypted email sent over its network. The company said it was responding to the N.S.A. privacy allegations, and now wants to expand the offering across Europe by partnering with other local telecom companies. In response, some American firms are also expanding their European operations to comply with the Continent’s stricter stance, analysts say. That includes potentially expanding data centers in Europe that would allow users to access their information under local laws, instead of sending the data to the United States. “If companies want to play in the European market, they will have to comply with European rules,” said William Long, a data protection partner at the law firm Sidley Austin in London. “It’s too late to put the toothpaste back in the tube.” |