Paul Nemitz: Laws rule over tech, not the other way around
Interview with Mr. Paul Nemitz, Principal Advisor on Justice Policy, EU Commission:
Entering his Twitter profile is the best way to keep up with today’s discussion about personal data privacy and protection. A social network, a service which is usually his study center, also becomes a platform of action in itself.
Paul Nemitz’s feed in the microblogging network sheds some light into the highly informed person that he is, always worried about human rights in these technological and socially changing times. His pertinent selection of information is already enough for a Follow.
But no, his relevance isn’t limited by his Twitter account. Nemitz is of key relevance in the writing and implementation of European laws that empower the user when dealing with big tech companies. Today he is the Principal Advisor on Justice Policy at the EU Commission.
On June 10th, we had the opportunity to have an interesting conversation with Mr. Nemitz, that resulted in an interview that he kindly agreed to our blog here at FySelf.
Interview with Mr. Nemitz
GF (Gabriela Fernández): Two years after the creation of the General Data Protection Regulation (GDPR), what have been its main advances or major breakthroughs and what are its main challenges today?
PN (Paul Nemitz): The main advantage of the GDPR is that we have now a place that gives orientation to controllers of what they should be doing and, by the way, not just in Europe but all over the world (there are many countries that are copying GDPR) and at the same time for those citizens who want to know their rights, they have now stronger possibilities.
We just had a judgment in the Netherlands where the data protection authority did not aid in the complaints of the individual against the way its data was used by a controller of data, and the court in the Netherlands came to the conclusion that the data protection authorities have to pay the citizen a compensation because they should have acted in his favor and investigated the case.
You know, nothing is perfect in the world, but is good to have such a law and ensure that it could possibly get better and the cause will help this.
The biggest weakness is, until today, is on the one hand the lack of resources in some of the data protection authorities because it’s clear that in a world of ubiquitous data, ubiquitous artificial intelligence, ubiquitous digital processing of data, data protection authorities have very central fraction of their needs, the qualified staff and also the number of staff to fulfill the tasks.
We also have some questions of organization and priorities and fragmentation. In some member states where data protection will certainly improve, for example, in Germany the data protection authorities are very fragmented, there is now a discussion on the way to bring them together into one stronger structure.
In some places, the data protection authorities are not acting with the necessary rigor. We know for a fact that Facebook, Google and the other big technological companies have presence in Europe. There are problems, but I’m confident that in the course of things – specially with the help of the super society, Academia, and courts- these problems will be addressed properly.
GF: Mr. Nemitz, Europe, without a doubt, has demonstrated its leadership on the subject with this regulation. How do you see the situation in the rest of the world? How is the protection of data in other latitudes promoted by the European Commission?
I think Europe has a lot to share on data protection. This continent has a big story to tell and we have a data protection law since the 90’s of the twentieth century.
So, we have a long experience and we are happy to share it, also with all its failures and all its weaknesses. But we would also like to share with each country in the world the progress which we have made. There is indeed a very strong demand to fight against this as good as we can.
GF: What organizations, companies, software or personalities would you highlight for their good work regarding data treatment and protection?
PN: There are many people involved in data protection work and suddenly the VicePresident of the Comission Viviane Reding brought this project forward and took the iniciative and has made a historic breakthrough. She was the VicePresident of the Comission when Edward Snowden revealed the American mass surveillance. She called the revelations of Snowden a “wake up call”, so I think we have two figures who have made history.
I would also count among the advocates, mothers and fathers of the data protection many members of the Academia, the civil society, people like Mark Schrems, Spiros Simitis the Greek professor who was the first data protection authority in the land of Hessen in Germany. And most recently I would think the important contributions of professor ShoShana Zuboff who wrote the book “Surveillance Capitalism”. This book has detailed the practice of Google, Facebook and how this companies exploit individual and personal data and how they feed a capsule of lies about the reality of this exploitation.
GF: Mr. Nemitz, how can decentralization-based technologies, such as Blockchain, comply with the GDPR? Do you think that technological development advances faster than laws?
PN: First at all, technically speaking Blockchain may be decentralized but, in terms of organization and power and economic realities there are blockchains which are really decentralized but there are blockchains that are in the hands of those who created the system. So, let’s not be misled: not every blockchain is a democratic decentralization of power.
Blockchains are a creation of a very libertarian attitude and many who are behind blockchains want to make money without being regulated by democracy and State. I think towards any technology we need to have a particular mindset in regard to Blockchain.
How Blockchain can complies with the GDPR is the subject of much literature, more prominently the studies of Michèle Finck who has written about this in the studies for the European Parliament. One thing is clear: the right to deletion which everybody has on their personal data can’t be undermined. Therefore, if it is so that data cannot be deleted once it is on Blockchain, that means then that Blockchain can only be used in context when there is no right to deletion.
It is very difficult to use Blockchain, there now there are new concepts of emendable blockchains but we will have to see. In any case, I think that democracy and the rule of Law means that technology has to comply with the rule of Laws and with democratic decision making, and not the other way around.
Of course technology develops faster that the laws, that is very natural because democracy laws develop very slow. It needs discussions among people, it needs a long time to gain consensus. And we have to be careful in this increasingly technologized, colonialized world that technology does not get the upper hand simply by the speed of development. We must make sure that democracy rides over technology and in the end technology has to accept.
I see a sort of rethinking in Silicon Valley about this, and I think that’s good, so there is a rethinking. So technology has to accept that, in a country where democracy reigns, it’s the lawmaker who makes the rules and not the company which develops the technology.
GF: What do you think about Solid, a web decentralization project led by Tim Berners-Lee?
PN: I don’t know this project in detail but I’m publishing a book tomorrow that is called The Human Imperative: Power, Freedom and Democracy in the Age of Artificial Intelligence. In this book, I have discussed two trends which are very opposing.
On the one hand, we have technology has the tendency to centralize, to standardize, to harmonize. And if we leave governance to technology only, this leads to an enormous power concentration. Then, we see this power concentration on the Internet, the power of those who are at the center of the Internet is increasing enormously.
On the other hand, in the free countries in democracy we have a principle of division of power: we divide our power not only horizontally between legislators, the government, and the Fourth State the Press, but also between different levels of government: the country, the region, the city.
In such a powerful system as the Internet, and as digitalization, we have to introduce those ideas of division of power. And so, from this point of view, the system of decentralization and re-decentralization of the Internet because the original idea of Tim Berners Lee was the empowerment of individuals who would use and make available their computing power in a decentralized manner, but they would be in charge.
So, the principle which he started the World Wide Web is a good principle, but what has happened is that the power has moved more and more to this big companies at the center of the Internet, you know: Google, Facebook, Amazon, Apple, Microsoft and so on.
So, I would welcome in principle, I’m happy to work with anybody who tries to re-decentralize power and re-empower individuals in live of this incredible concentration of power in the hands of these companies.
GF: Mr. Nemitz, what advice would you give companies to protect their data from cyber-attacks, to have greater security on the Web?
PN: Taking data protection and data security seriously and investing in these technologies makes sense. If as a company, you are able to tell your customers: you really don’t need to worry about your data, go ahead. That is for many customers, for many segments of the economy a very important marketing argument, it’s successful.
So, I think it is important to realize that good data protection and data security is not just a cost, it is also a selling point. And it seems increasingly companies realize that this is a selling point. And then customers choose between different offers also on the basis of this question: which offers a better option of data protection and data security?