European Data Protection Supervisor (EDPS) head Wojciech Wiewiorowski said that people should have more choices and opportunities about their own information, and the level of privacy shouldn’t be decided far away, in a clear reference to the decisions made by tech companies outside Europe.
Speaking at the Computers, Privacy and Data Protection Conference, his remarks were focused not so much on how privacy policies are decided or by whom, but on how companies and regulators should put people at the center of the debate. “Sometimes we lose sight of what we are fundamentally protecting at the end of the day: the rights of people,” Wiewiorowski said.
While he acknowledged that the recognition of the individual is embedded in the structure of the current data protection framework, he warned that people are are dynamic and may become vulnerable to certain use of data by companies.
The data supervisor referenced behavioral economics and behavioral science that may be used to encourage users to take certain actions online without the user fully realizing it: “The growing use of dark patterns on the internet; the cunning design of certain cookie banners that subconsciously influence users to act in one way or another.”
Wiewiorowski also warned that targeted advertising and the use of pervasive profiling can lead to an asymmetry of power between the data subject and the data controller.
This shows that people are vulnerable, he argued, understanding vulnerability as a lack of choice, and the only way to address this vulnerability is by giving people real choices and real opportunities. The choices of data protection are still too often made elsewhere, and data protection authorities have a critical role to play in this, Wiewiorowski said.
During his remarks, this was the only message that seemed to encourage regulators to increase their enforcement efforts, in particular through the General Data Protection Regulation.
The EDPS is an independent authority comprised of 120 public officials in the European Union. It is responsible for ensuring European institutions respect the right to privacy and protect data when they process personal information.
As part of its daily tasks, the EDPS acts as a traditional data protection authority. It investigates and, if necessary, conducts investigations on complaints.
Recommendations by the EDPS often impact the outcome of negotiations between the Parliament and European Commission over data security matters.
“The EDPS’ role is to recommend policy, and we are mandated to follow new technologies very closely,” said Leonardo Cervera, director of the EDPS, in an interview with PYMNTS. “The idea is to anticipate the impact of new technologies on data privacy.”