Reding talked to Post Tech about these and other issues during a visit to Washington this week.
She believes that self-regulation, promoted by Web giants such as Google and Facebook, isn’t enough to protect online users. And she’s skeptical of comments by a senior tech adviser for President Obama, who earlier this week said the administration will try to convince Reding and other European regulators that new laws that would hamper U.S. Web firms.
Reding is scheduled to meet with Attorney General Eric Holder and Secretary Janet Napolitano of the Department of Homeland Security to discuss how to balance individual rights and greater security to fight terrorism.
Here’s an edited version of the interview:
Q: Explain what you are trying to do in Europe on the issues of Internet data protection and privacy.
A: Today in Europe, if you are an American company, you have to abide by 27 different interpretations of the EU data protection law. This makes no sense for a business and is absolutely cumbersome. Our reforms are aimed at getting rid of this fragmentation and providing consistency and coherence for the whole of the continent. That means providing services to 500 million people, which presents a fantastic business opportunity for companies.
Q: What do you think of self-regulation? Is it a good idea?
A: Self-regulation can be little more than a fig leaf. It works only if there is strong, legally binding regulation in the first place. Otherwise self-regulation means that everyone does whatever he or she has in mind. Just look at the instability that self-regulation in the financial markets brought us. The financial markets, through personal greed and irresponsibility, failed to effectively regulate themselves. This is why I do encourage codes of conduct for businesses in Europe provided that they are fully in line with our European data protection law.
Q: Explain your philosophy behind individual privacy.
A: It is clear that every citizen has a right to their own data. Before a company can use your data they should ask for permission. This is a basic rule of the European Union.
We do have a set of rules today that is not always being applied and controlled in the way it should be. That has led to fragmentation and different interpretations of the rules.
For example, with Google’s Street View last year, seven countries took seven different decisions on how to deal with a case of e-mails being collected and stored without people knowing it. Divergent interpretations of the same rules in the same situation are not good -- neither for citizens nor for companies.
Q: What is your view on data protection and security?
A: Data breaches are one of the questions that is very high on the agenda. We have seen data breaches recently on Facebook, Sony’s PlayStation, credit card companies and so forth. There are no rules on notification of citizens today. But we will now have such rules on notification for all sectors so citizens will know when their data has been breached, whether by criminal intent, accidental or other circumstances. We already have this rule for telecom companies but not for other sectors such as e-banking services, private-sector medical records and online shopping. We will extend the telecom rules to the Internet.
Q: Is there a divergence between the U.S. and Europe in terms of the approach to data privacy?
A: It is clear that we have different approaches between the two sides of the Atlantic. The American people and their representatives understand that the question of data protection is not a theoretical one. These are not questions by idealists but bipartisan issues that are directly linked to the way we see the individual, the citizen, in our society. But I also want to say that we are heartened to see proposals such as the one by Senators John Kerry (D-Mass.) and John McCain (R-Ariz.) for new online privacy rules.