Microsoft president Brad Smith on Tuesday said Europe was the global leader on setting rules for big tech, two years after the EU implemented the GDPR, its landmark data privacy law.
Smith spoke at an online debate with European Commission vice president Vera Jourova, the top EU official who was in charge of the data privacy rules when they became reality in 2018.
Brussels introduced the General Data Protection Regulation (GDPR) to give people more control over data and their privacy settings.
The rules also gave EU regulators the power to fine and punish internet actors — including Facebook, Google or Uber — who broke the rules on protecting personal data.
“I do continue to see the trends from Brussels being the most influential in the world,” Smith said during the debate hosted by the Brussels-based CERRE think tank.
“Even when you look at something like the Australian law last year … it was clearly influenced by a lot of thinking that had been taking place for a couple of years in Brussels,” he said.
GDPR is seen as a major accomplishment by EU officials and Jourova underlined that the law made it easier to develop tracing apps to fight a resurgence of the coronavirus pandemic, despite concerns over privacy.
GDPR “is based on the value that my identity is something I cannot sell and I have to have a 100 percent guarantee that my privacy and my identity are protected,” she said.
“Through the principles of GDPR, you (are) more assured that the tracing apps will not go beyond what we want in an emergency,” she said.
– Power to fine –
The GDPR’s second anniversary will be marked on Wednesday by the release of an EU report underlining some of its remaining shortcomings.
According to a draft seen by AFP, the report criticises the varying ways the rules are implemented in the bloc’s 27 member states.
For example, the age of consent to share data with social media platforms such as Instagram or Tiktok vary widely, creating legal uncertainty.
The report will also warn that the GDPR was too cumbersome for small and medium-sized enterprises that struggle to meet its conditions.
Help for SMEs from authorities should be “intensified and widespread, preferably within a common European approach,” the report said.
The report also said that national authorities in charge of implementing the GDPR could be further beefed up in order to better investigate and deliver fines.
The biggest fine so far was of 50 million euros ($56 million), that was upheld on Friday, against Google in France because of consent problems on its Android mobile operating system.
Related: Microsoft Warns Governments Against Exploit Stockpiling
