Europe, tech giants face off over consumer privacy
Read Original article here - http://www.usatoday.com/story/tech/2015/11/12/europe-tech-giants-face-off-over-consumer-privacy/75046000/
BRUSSELS — A regulatory day of reckoning with broad implications for U.S. tech companies may be fast approaching here.
The European Union’s highest court last month scotched a 15-year-old international pact known as "Safe Harbor" that allowed U.S. companies to transfer the data of European Union citizens to servers located in the U.S., where Europeans fear the data is vulnerable to U.S. intelligence agencies.
Now tech companies may be required to report requests by U.S. intelligence for this data under a new pact being negotiated with a January deadline.
That, and the looming threat from European privacy regulators of unleashing stiffer penalties, has tech giants such as Google and Facebook scrambling in one of their most lucrative markets. The most recent skirmish only underscores the tensions that seem to be growing by the minute. Hewlett-Packard executive Ansgar Baums, for instance, put the chances of a new agreement at "zero."
At issue: The challenge of reconciling two very different approaches to consumer privacy. Europe, and in particular Germany, support strict privacy rules that restrict companies from reaping profits from personal data. U.S. tech companies say a growing encroachment on how data can be handled in the EU could lead to fewer free services and new features here..
"This is a real big risk for the business model of any (information technology) company," says Christian Flisek, a representative in the German parliament's ongoing probe of the U.S. National Security Agency leaks. "Data is now a trade good," he said in an interview with USA TODAY, which was arranged during a reporting trip sponsored by the German Marshall Fund of the US and supported by the German Ministry of Foreign Affairs.
Dieter Janecek, a member of Germany's Alliance 90/The Green Party, is even more blunt about America's track record on strict privacy laws. "There is none," he said from German Parliament in Berlin.
Data collection and online privacy aren't the only landmines in the fraught dealings between European regulators and the biggest players in U.S. tech. Google, Facebook, Amazon and Apple are tussling in Europe over taxation and antitrust issues as well.
On Monday, a Belgian court ruled Facebook must stop storing data from people who don’t have a Facebook account or face a $269,000 daily fine. (Facebook reported $12.5 billion in revenue last year.)
But by far the largest conflict erupted in early October when the European Court of Justice struck down the "Safe Harbor" agreement that lets Google, Facebook and other tech companies easily move the personal data of millions of users between the 28-member European Union and the U.S.
The ruling gives regulators in each EU country the authority to enforce tougher guidelines on data transfers to the U.S. Negotiators had tried unsuccessfully for two years to reach an accord.
"The decision demonstrates different geographies think very differently about individual privacy, and it's important for the technology community to understand these nuances," says Dennis Yang, CEO of online learning marketplace Udemy. " We have to be sensitive to the treatment of user data in every market."
In a statement, Facebook said the Safe Harbor ruling "is not about Facebook" but "one of the mechanisms that European law provides to enable essential transatlantic data flows." (The case stems from a complaint brought by a 27-year-old Austrian graduate student, Max Schrems. He claims the online data of Europeans was violated when Facebook allegedly cooperated with the NSA's PRISM program.)
Eric Schmidt, chairman of Google's parent company, Alphabet, had a sharper reaction. At an Internet Association event last month, he warned the decision threatens to destroy the Internet, "one of the greatest achievements of humanity," according to a report in Re/code.
Government compliance has put enormous pressure on U.S. companies with multinational operations, says Thomas Boue, public policy director at the Business Software Alliance in Brussels. "It is a roll of the dice," he says.
Not everyone is leery. Some privacy experts insist the ruling could lead to greater cooperation between Europe's privacy regulators and the Federal Trade Commission, meaning better data protection and improved ways to handle new tech such as cloud computing.
Tensions are heating up for tech companies on other fronts, however.
In June, the European Commission began to investigate whether Amazon leveraged its market leadership in e-books to make it more difficult for competitors to lower prices. In April, privacy officials in Spain, France and Italy joined a handful of other European nations in investigating whether Facebook gained proper approval from its members when the social network gained access to their online data. Also in April, the EU's antitrust chief, Margrethe Vestager, charged Google with abusing its dominance in web searches.
And then there are ongoing probes into sweetheart tax arrangements between Apple and Ireland, and Amazon and Luxembourg.
The longest-running conflicts is the antitrust action involving Microsoft software and interoperability. The software giant paid nearly $2.2 billion (2 billion Euros) in fines over more than a decade.
A conflict long brewing
The enmity stems from a deepening distrust between European regulators and the U.S. government, which has parsed data for surveillance in the post-9-11 world.
When National Security Agency contractor Edward Snowden leaked secret intelligence documents in 2011, revealing PRISM, a program to collect data from Internet companies, Europeans — especially Germans sensitive to state-gathered information — were outraged.
“European businesses and individuals are rightfully paranoid about their data,” says Jonathan Huberman, CEO of Syncplicity, a maker of file-sharing technology for large companies. He cites the Germans, who are particularly vigilant about privacy after decades of state-sponsored snooping by Communist East Germany's Stasi security service and, before that, the Nazi government.
The EU is looking to ensure any access by U.S. intelligence agencies to citizens' data is necessary. European Union justice commissioner Vera Jourova, who is the bloc’s lead negotiator on data transfers, said in an interview with the Wall Street Journal that reports on requests from U.S. intelligence would be a way to monitor how frequently Europeans' data is being accessed.
Google doubles policy staff
The economic impact of a post-safe harbor climate in Europe, while difficult to measure, is indisputable to Google and Facebook, both of which command dominant market share in Europe, says John Higgins, director general of DigitalEurope, an organization in Brussels that represents more than 50 technology companies. They are among the American tech players here that have raised their profiles to get on the better side of privacy experts and regulators. Google, for example, has doubled its public policy staff to 10 in Brussels from a year ago.
The most ambitious so far has come from Microsoft. In a blog post last month, Brad Smith, the company's chief legal officer, laid out a four-point plan to solve the "privacy Rubik's Cube." The proposal specifically outlines people's legal rights, the lawful transfer of data between Europe and the U.S., and an agreement between tech companies and governments in Europe and the U.S. over information access.
Some American cloud computing companies, meanwhile, have reached out to their European rivals about passing data of their European customers via local competitors that comply with European privacy laws.
"You need rules, regulations, for (data) privacy that has a global approach," says Flisek, who is optimistic a deal can be eventually hammered out. He and other privacy experts anticipate an incremental, short-term agreement until a more-comprehensive solution is reached.
Indeed, there seems to be no limit to companies and countries willing to seek a solution, given the high economic stakes.
Even Germany, the staunchest advocate of privacy in Europe, is rethinking its stance.
The country, which is in the process of shoveling about $400 million into its "fourth industrial revolution," or Industry 4.0, is grappling with the potential harmful effects that strict data flow will have on its economy, according to Boue.
"Data flows is the backbone of the 21st Century," Boue says. A protracted battle, he and others like Schmidt warn, could lead to segmented Internets with different rules and regulations in each country.