News and Music Discovery
Play Live Radio
Next Up:
0:00 0:00
Available On Air Stations

Why A Europe-Wide Data Protection Law Matters To Others


A new law takes effect in Europe today that could change how much control people have over their personal data. It's a European law, but aspects of it could indirectly impact us in the United States as well. The law's name doesn't exactly roll off the tongue. It's called the General Data Protection Regulation. Among other things, it will allow people to say, no, companies cannot collect my personal data. People will also have what's known as a right to be forgotten. Companies would have to remove certain personal information about you from the internet. Taking a leading role in enforcing this new law is Helen Dixon. She is the data protection commissioner for Ireland.

HELEN DIXON: We've actually been preparing for, really, about three years. We've massively increased the staffing that we have. We're now up to over a hundred staff. I think the big question is going to be, how many simultaneous big investigations can we take on?

GREENE: Now, Helen Dixon gets a big say in all of this because technology giants like Apple, Facebook, Google, Twitter, Microsoft have their European headquarters in Ireland. So she's taking on some huge companies. I mean, the entire annual budget for her commission is less than $14 million. That is about what the companies she'll be regulating take taken every 10 minutes. Of course, Dixon is not alone. She's going to be joined by Europe's other data protection commissioners. And their job together is overseeing what she calls a fourth Industrial Revolution.

DIXON: We're going to see a whole wave of new artificial intelligence applications coming on stream, including smart homes, smart workplaces, smart cars. And an awful lot of the change that we're seeing is centering around applications that collect and exploit personal data. But all of this is going to happen very soon. And so we need to focus on, where is the individual at the center of this? What levels of control do they have in relation to collection and processing?

GREENE: I think that many of us in the United States are already getting emails from apps asking if we want to update, which is tied to this law - right? And I wondered, does that speak to one of the real questions about this European law? Couldn't it get caught up in endless legal battles over whether a company has really done enough to ask permission? And don't these companies have endless budgets to basically keep those court battles going for years?

DIXON: It is a danger. It doesn't mean we shouldn't keep working on enforcement. But of course, there are many more efficient steps that we can take before getting into litigation battles. We would meet with the big internet platforms very regularly. We would talk to them about any changes they're making to their privacy policy or settings. And it's then suggesting to those organizations, if you don't come on board in terms of really being accountable...

GREENE: You'll fine them a lot of money.

DIXON: Yeah. And actually...

GREENE: Which is billions of dollars for some of these companies, right?

DIXON: Yeah, which is going to be very significant and punitive.

GREENE: I think Mark Zuckerberg said that he would honor this European law in the United States for American users, which a lot of people wondered - you know, if there's no enforcement within the United States, what would be the motivation of Mark Zuckerberg to do that? But would you trust Facebook to honor something like that?

DIXON: (Laughter) It's not my job to trust these regulated entities. I suspect what a lot of the companies are saying is, look, if we have to build these tools in respect of European users, of course we'll make the same tool available in the U.S.

GREENE: If Europe's making us do it, why not just make it available in the United States as well?

DIXON: Yeah. I think it's a matter of pragmatism in relation to what a lot of organizations have pronounced around making it a global standard.

GREENE: Now, Helen Dixon said she did want to emphasize that no one is trying to stop these technology giants from doing what they do well.

DIXON: We should have innovation and technology. It just should be implemented in such a way that it actually serves mankind. So it's really about ethical uses of data. It's trying to ensure that the individual is at the center of decision-making so that they understand any risks that are associated with the use of the technology.

GREENE: That was Helen Dixon. She is Ireland's data protection commissioner. Europe's new data privacy law comes into effect today. Transcript provided by NPR, Copyright NPR.