Data protection in the EU in the new global scenario

Vrije Universiteit Brussel
New Media and Society in Europe
Brussels, Belgium. 30th July, 2014
David Guardo


The academic text intends to explain the data protection in new global situation of the European Union (UE). Under a critical approach, it analyses the current situation in relationship of the UE and the United States of America and how the new law will affect companies with commercial purposes in the region as well as how the new law will protect the fundamental rights from the European citizenship.


 The digital global world is leaded by two huge American enterprises, two big brothers: Google and Facebook. Both accumulate more than 1000 million users every day while stored on the personal information about likes, habits, age, sex, religion, health, etc.  At the same time, any mobile application also collects personal information from the customers and, in order to get benefits, sells the information to third parties.  “Moving past the Internet of Things to the “Internet of Everything,” Cisco estimates that thirty-seven billion intelligent devices will connect to the Internet by 2020 (Richards & King, 2013, p. 12). As a result, the flow of personal data to thirds in a global village[1] makes nations or union of nations to experience difficulties in order to control and guarantee fundamental rights of the citizenship.

Currently, in the European Union operates 250 Million of Internet users. However, the 70% of Europeans are concerned that the personal data are in private company´s hands. Also, seven Europeans out of ten are concerned about the potential use that companies may make of the information disclosed and a majority believe that their personal data would be better protected if these companies were obliged to have a Data Protection Officer (Eurobarometer, 2011)

eye of facebook

According to the previously mentioned, this essay explains a critical aspect from the measures that the European Union is adopting in relation to data protection and the threats that can occur when it guaranteed fundamental rights of citizens. “As more information regarding individuals’ health, financials, location, electricity use and online activity percolates, concerns arise about profiling, tracking, discrimination, exclusion, government surveillance and loss of control” (Tene & Polonestky, Big Data for All: Privacy and User Control in the Age of Analytics, 2012, p. 13)

2. The Data protection in the European Union and the impact on Google and Facebook

google is watching you

 In the new global situation, the European Union has become aware of guaranteeing the fundamental rights of Europeans. After Lisbon Treaty in 2009, the fundamental rights had the same legal value as the European Union treaties. Moreover, this basic right is inalienable and inviolable built up on the basis of European constitution and is protected by the human rights.

In 2012, the European Commission proposed a new reform[2] of the data protection law due to the last one in 1995[3] was obsolete and had to face new challenges such as be adapted to the Internet and new technologies.

The new reform of data protection has been designed keeping in mind the largest companies such as Google, Facebook or Linkedin. Every day this companies that gather millions of users including about 250 million Europeans. Since the last few years, the practices undertaken by these companies have been criticized due to the handling of personal and sensitive information. It is also necessary to emphasize their possible collaboration with the Prism Project the National Security Agency. Google has been seen for many experts as an endemic threat to privacy described by Privacy International [4] (Tene, What Google Knows: Privacy and Internet Search Engines, 2007)

Will the new law affect negatively global companies like Google or Facebook? To begin with, these companies must sign and adapt its policies to the new reform if they want to operate in Europe. If a third country requests a company like Facebook to provide personal information processed in the EU, the company would have to obtain permission from the national data protection authority and inform the person concerned before submitting it. Somehow is nothing new regarding the last directive 95/46/EC in which prohibits transfers of personal data to countries in which do not ensure an adequate level of protection within the meaning of Article 25 (Balboni, 2010, p. 8). In principle, it is a consistent measure if a company based in Asia requires information generated in Europe it  needs to be adjusted to this regulation and, consequently,  protected by the rights constituted in Europe.

However, the problem with third-party applications is that was out of control and the concepts of transfer and data location are especially problematic, “with the inception of the internet and the ease of remote access to data, the concept of ‘location’ is increasingly meaningless as well as irrelevant to data protection.” (Hon & Millard, 2012, pp. 42-44).

For instance, Facebook also states that it is itself an open system and; therefore, third party utilities and applications can be developed freely. The issue manifests itself when these third parties are intended to, like Facebook does, to store this information of each user and thus sell it to other companies. FB has admitted that has not control of it, consequently does not guarantee in any way the privacy of the data[5].  The ultimate responsibility for your data and the use of FB are yourself and at your own risk.

In order to avoid this threat the data protection reform will be by default established on privacy-friendly settings and this type of interface should be the norm. The aim is to empower the consumers back as for instance with the inclusion of the new rule the right to be forgotten. In a democratic atmosphere, it has no sense at all that the standard right today is quite opposite although it has been denounced by consumer associations seem that big companies are still abusing on it.  (Based on Strengthen citizens’ rights main goal)

On the part of Facebook, it can be seen these reforms as restrictions on their free trade. Also, as is the case of profiling (consisting to construct profiles by automatically processing the data to analyse or predict the behaviour of a person, their economic situation or health), now regulated and limited, partly of its customers would not contract the services of Facebook and; therefore, it would result in a direct fall in revenues.  Also Facebook and Google will have to apply same rules, in case they will refuse or do not follow the law will be fined by the EU regulators (based on Economic growth main goal).

But on the other hand Facebook businesses in the EU is intended to be more efficient as policies will be integrated to drive against the disparity of the 28 countries that comprise it. Therefore, there will be one law that will save the costs and time (based on Cutting Cost and Flexibility for Small and Medium Enterprises main goal).

Nevertheless, the new legislation introduces the “right to be forgotten” that directly affects Google by pointing out that search engines should remove links to information published in the past if it is found that they are detrimental to a citizen and irrelevant. It represents an unprecedented revolution in ensuring privacy of citizens. For instance, the fact how Google operates and technology shapes the society is the case of a girl in the metro of Tokyo that refuse to clean up dog poop and was captured by a mobile camera and uploaded to the internet and therefore recognized by millions, and not only a few.  “Her image and identity are eternally preserved in electrons” (Solove, 2007, pp. 7-9). Though traditionally privacy is often thought of in a binary way: private or public, therefore if something occurs in a public place, it is not private. Google and The Internet have an unforgiving memory (Solove, 2007).

The justification is that the processing of personal data by the operator of a search engine can significantly affect the fundamental rights to respect for private life and protection of personal data. Basically because the citizen ignores about the processes that are taking place when uses of cookies and third party cookies to recognize and track and trace web usually are placed on the user’s web browser without any visibility (Roosendaal, 2011).

At first glance, Google and Facebook will have to adapt and be subject to greater control when operating within the European Union or European citizens.


3. Is compatible the data protection policy of the United States of America and the European Union?


The U.S. foreign policy is always observed in controversy, perhaps because it is the major economic and military force in the planet, or because it evokes fears in other economies.

In order to prevent and combat terrorism and crime, The EU and the U.S have several agreements[6] on bilateral cooperation to meet the common security interests and guaranteeing the protection of personal data. However, it is a fact that the intelligence agencies of the US have spied the world by collecting data, at least, since 2007. It has been described the U.S policy as a government that is consolidating its power to monitor, control and intimidate its citizens and also including huge amount of information gathering businesses  that are functioning as “enablers” by amassing an inconceivable amount of data on Americans and everyone else for that matter.” (Barnhizer, 2013, p. 13)

On one hand, for the US is a matter of defence and prevention against terrorism but is not always a convincing statement, especially after Snowden Case revelations. As a result, some of the dialogues regarding data protection with the EU are still stuck after 16 meetings.

A Data Protection law compatible between the two strategic partners, the US and the EU, is not supported. Clearly, the defence of the human rights are a priority for the European Parliament as the U.S. has defence and security of the country above to any other circumstances.

Europe is aware of the participating companies like Google and Facebook with the NSA at the time of providing information about their customers. At least Claude Moraes, a member of the European parliament, said that Edward Snowden’s revelations[7] have given the opportunity to react. At this stage, it is widely belief that Big data promises to use this data “to make the world more transparent, but its collection is invisible, and its tools and techniques are opaque” (Richards & King, 2013, p. 12) and for that reason it is difficult for governments to guarantee freedom against the invisible surveillance. Also, it has been mentioned by Cohen (2012) the significance of the invisible design of digital artifacts and interfaces. In order to obscure the workings of network architectures, it prevails best practices in design.  All this high advanced technology is in the domain of the military services all over the world.


President Obama does not help to the cause. He seems to be contradictory when states that the reforms that he proposes should give the people greater confidence and that their rights are being protected and, on the other hand, he adds “even as our intelligence and law enforcement agencies maintain the tools they need to keep us safe”.

The differences between both sides are clear and produces an entirely new stage where is at stake the future of treaties as the US-EU Safe Harbor and others commercial agreements.


The EU leads the world in the defence of civil rights. In the new global scenario, the new law on data protection in the European Union is a significant development for several reasons. Firstly, The fundamental rights of the citizenship with consistent steps are guaranteed. Secondly, the law regulates and applies in all member countries with identical characteristics, helping the unity, integrity and also protect the Eurozone.

On the other hand, EU regulate the trade foreign companies with interests and especially focus on U.S. companies, in which the EU has been clear at the time to express their concerns.  The consequences of this new law are difficult to predict. Large corporations will not be willing to adhere to all measures and will proceed to pressure the Eurozone to adjust this reform to their business interests, as usually behave.




Balboni, P. (2010, august 21). Data Protection and Data Security Issues Related to Cloud Computing in the EU. TILBURG UNIVERSITY LEGAL STUDIES WORKING PAPER SERIES , 8.


Barnhizer, D. (2013, september). Through a PRISM Darkly: Surveillance and Speech Suppression in the “Post-Democracy Electronic State” . Cleveland State University , 13-15.


Cohen, J. E. (2013). What Privacy is for? Harvard Law Review (Vol. 126).

Eurobarometer. (2011). Attitudes on Data Protection and Electronic Identity in the European Union. European Comission.


European Commission. (2011). How will the EU’s data protection reform benefit European businesses? Retrieved june 2011 from


European Commission. (2013). Retrieved november 27, 2013 from European Commission website:


European Commission. (2013). Rebuilding Trust in EU-US Data Flows. Retrieved november 27, 2013 from Rebuilding Trust in EU-US Data Flows


European Parliament. (2014). Retrieved march 4, 2014 from European Parliament website:


Greenwald, G. (2013). The Guardian. Retrieved june 10, 2013 from


Hon, K., & Millard, C. (2012). Data Export in Cloud Computing – How can Personal Data be Transferred outside the EEA? Centre for Commercial Law Studies Queen Mary, University of London (1).


Mcluhan, M. (1964,2003). Understanding Media. Gingko Press.


Pérez, C. (2009). Technological revolutions and techno-economic paradigm, Technology Governance and Economic Dynamics. The other Canon Foundation , 3-4.

Reuters. (2014). Retrieved january 17, 2014 from Reuters:


Richards, N., & King, J. (2013). The Three Paradoxes of Big Data. Stanford Law Review Online (41), 12.


Roosendaal, A. (2011). Facebook tracks and traces everyone: Like this! . Tilburg Law School Legal Studies Research Paper Series (03/2011).


Rubinstein, I. S. (2012). Big Data: The End of Privacy or a New Beginning? PUBLIC LAW & LEGAL THEORY RESEARCH PAPER SERIES WORKING PAPER NO. 12-56 .


Solove, D. J. (2007). The Future of Reputation: Gossip, Rumor, and Privacy on the Internet. (A. C. book, Ed.) Yale University Press New Haven and London , 7-9.


Tene, O. (2007, september). What Google Knows: Privacy and Internet Search Engines. College of Management School of Law, Israel. LL.M., J.S.D (New York University) .


Tene, O., & Polonestky, J. (2012). Big Data for All: Privacy and User Control in the Age of Analytics. Journal of Technology and Intellectual Property 239 .


Webster, F. (1995). The theories of information society. In F. Webster. London: Routgde.


[1] [1] Global Village is a term popularized by Marshall Macluhan in his book the Gutenberg Galaxy: Making Typhografic Man (1962)

[2] With a huge consensus of the European Parliament, the Commission proposal on data protection has largely been accepted and recently voted in the EU Parliament[2] the 12th of March, 2014.  The reform is irreversible and will not be even affected by the election results last May 25th. It is widely believed that a democratic decision is unanimous successful as the EU needed a quick response due to deficiencies that showed the previous directive on the matter.

[3] Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

[4] Privacy International, a registered UK Charity (No. 1147471), was founded in 1990 and was the first organisation to campaign at an international level  on privacy issues.

[5] Facebook Terms and Conditions “Please keep in mind that if you disclose personal information in your profile or when posting comments, messages, photos, videos , Marketplace classified ads or other items , this information may appear publicly.“

[7] Edward Snowden, 29, the whistleblower behind the NSA surveillance revelations. Considered by US

“perpetrator”  the biggest intelligence leak in the NSA’s history. Temporary Asylum in Russia.