Although there is no further mention of Google in her speech, and certainly no explicit reference to Peter Fleischer, it is clear that the whole speech is a refutation of his views. "Whatever comes next," he wrote in a blog posting earlier this year, "will be the most important privacy legislation in the world, setting the global standards. I'm hopeful that this pause will give lawmakers time to write a better, more modern and more balanced law."
But Reding's speech shows no inclination for further compromise. She was receiving the Aenne Burda Award for Creative Leadership at the international Digital-Life Design (DLD) Conference in Munich. "This award," she said, "will be an additional motivation for me to keep going, and a reminder of the power of perseverance, of the importance of fighting for your dreams and never giving up."
She pointed out that the European Parliament had already agreed to 'a broad compromise, backing the European Commission's proposals.' But, "Member States, however, have been stalling." The emphasis is hers, and the bitterness barely disguised. "Even after the shocking revelations of mass spying and surveillance that continue to dominate the headlines, they have so far mainly reacted with words. EU Heads of State and Government have committed to a 'timely' adoption of the new framework. But in real terms there has been little action."
She re-iterated the Commission's view that the GDPR will benefit both business and consumers. The uniformity across Europe "will be especially important for smaller companies and start-ups, who will find it easier to break into new markets"; an idea directly refuting Google's and other lobbyists' claim that it will stifle innovation.
She also said that the reforms – especially the principles of data minimization and strict sanctions – would rebuild consumer trust, improve general security, and reduce business costs. "Just ask Sony," she explained. "Experts believe that a hacker attack on PlayStation accounts in 2011, in which the data of 77 million people was compromised, cost the firm between USD $1 and $2 billion. That is the cost of non-compliance. And this cost is both high and avoidable." In the UK, the privacy regulator added a £250,000 fine.
One thing is clear from Reding's speech: regardless of Fleischer's view that the current GDPR is dead, it is not. Reding may be forced to accept minor amendments before it is passed into European law, but she will not give up until the GDPR, largely as it now stands, becomes the new European data protection law.