Watching the legal system deal with the Internet is like watching somebody trying to drive a car by looking only in the rear-view mirror. The results are amusing and predictable but not really interesting. On the other hand, watching the efforts of regulators — whether British ones such as Ofcom, or multinational, like the European Commission — is more instructive.
At the moment, the commission is wrestling with the problem of how to protect the data of European citizens in a world dominated by Google, Facebook and Co. The windscreen of the metaphorical car that the commission is trying to drive has been cracked so extensively that it’s difficult to see anything clearly through it.
So in her desperation, the driver (Viviane Reding, the commission’s vice-president) oscillates between consulting the rear-view mirror and asking passers-by (who may or may not be impartial) for tips about what lies ahead. And just to make matters worse, she also has to deal with outbreaks of fighting between the other occupants of the car, who just happen to be sovereign states and are a quarrelsome bunch at the best of times.
The idea behind the proposed new general data protection regulation (GDPR) is to extend controls to foreign companies that process the personal data of European Union citizens. The draft regulation proposes a strict compliance regime with fearsome penalties (up to 2 percent of worldwide turnover) for infringement. Personal data is defined as “any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a photo, an email address, bank details, posts on social-networking websites, medical information or a computer’s IP address.”