XI
PROLOGUE
The book is perfectly timed.
Data protection, once considered a fringe interest for lawyers and politicians, is now
well-and-truly in the mainstream of public policy. While Silicon Valley continues to be
the hub for high-tech innovation, Europe is setting the legal agenda for the rest of the
world. European countries are now in a minority of over one hundred countries in the
world which have data laws, most of which are clearly modelled on the framework
adopted by the EU in the 1995 Directive.
It will take a few years before the full impact of the newly agreed General Data
Protection Regulation is felt for businesses and consumers, governments and citizens.
However, as my good colleague
Leonidas Kotsalis
succinctly explain, the success of the
new framework depends on the willingness of controllers to respect the interests of the
individuals whose data they are responsible for processing.
Almost all of the data ever generated has been generated in the last few years.
Companies themselves are increasingly unaware of the personal information for which
they are responsible, while individuals consider themselves ill-informed and powerless.
The digital economy is dynamic and exciting, but the digital society is marked by
asymmetry of information and mistrust.
We need to move away from a tick-box approach to legal compliance, and towards a
more honest engagement with implication of big data and transparent. The GDPR should
enable Europe to lead by example in addressing the challenges to fundamental rights
which are posed by ubiquitous internet and concentration of market power.
Enforcement is essential to the success of this great project, and the agents of
enforcement are independent data protection authorities such as those which Mr
Kotsalis
and I lead. The Hellenic Data Protection Authority has been in the vanguard of
efforts to ensure a consistent and concerted European approach to the promotion of the
rights to privacy and data protection in the age of big data and the internet of things.
I am grateful to Pr.
Leonidas Kotsalis
for this important contribution to our
understanding of data protection law in Europe, and its prospects of the future.
Giovanni Buttarelli,
European Data Protection Supervisor