The ways in which data protection and privacy regulations will affect European businesses next year was the subject of a panel session during the Forrester Technology & Innovation Global 2020 virtual event.
Julian Archer, VP, principal analyst at Forrester, firstly discussed the more proactive role businesses can play in driving data privacy regulation. The much discussed EU ePrivacy Regulation law has still not come into force, and the actions of a number of private companies is changing the landscape for which it is designed. Archer noted: “We’ve seen for example that Google, which is over 60% of the market, has said its going to stop third party cookies, so the ePrivacy legislation is almost becoming defunct before it starts.”
He added that there is a growing trend of companies setting their own rules in regard to privacy, and using this as a means to gain the trust of their consumers and enhance their brand image. An example of this has been Rolls Royce creating an AI ethics framework, which it has stated “is a method that any organization can use to ensure the decisions it takes to use AI in critical and non-critical applications are ethical.”
Archer said: “The privacy laws are going to be mixed; we’re seeing very much that the EU will have to drive more regulation around AI but don’t forget that the vendors have their agenda and you as business leaders also have a responsibility to think about what you are doing to drive a better relationship with your customers.”
The start of 2021 will also see the end of the UK’s transition period following its exit from the EU. Enza Iannopollo, senior analyst at Forrester, expects that the UK will effectively become a “third country” when it comes to the EU’s General Data Protection Regulation (GDPR), which will have major implications for European businesses. “It means that if your organization transfers personal data from continental Europe to the UK for storage or possession purposes you will need to find alternative remedies to make sure these transfers can happen in a way that doesn’t break the rules,” she explained.
These remedies can include those that are technical in nature, such as fully encrypting data before it leaves continental Europe and ensuring it remains encrypted at all times, as well as inserting contractual clauses.
Finally, Laura Koetzle, VP, group director at Forrester, discussed the potential impact of the GAIA-X initiative, an attempt to establish common requirements for a European data infrastructure, on businesses in Europe. Currently, most of the public cloud service providers for companies in Europe are headquartered in other continents, which can raise issues with regard to data privacy due to separate legislation in countries like the US.
While Koetzle believes organizations should keep a close eye on the potential of the recently established GAIA-X Foundation, it is not ready to replace the existing hyperscalers which are generally able to cater to their needs and meet data protection requirements. “We don’t think that that initiative is going to make much impact in 2021, so while lots of people in Europe are very excited about it, now the challenge is for members of the GAIA-X Foundation to deliver concrete services and a clear value proposition,” she said.