EU40, a network of young Members of the European Parliament, invited me to a breakfast meeting in Brussels this morning for a discussion on the app economy in Europe. This is my short speech.
Default Settings for Privacy
At Humboldt University Berlin last night, we were discussing the differences between European and US privacy laws with my friend Prof. Paul Schwartz from Berkeley. Prof. Schwartz pointed out that privacy laws in Europe and in the EU have contrary „default settings“:
- In the US, the default setting is „yes“. An app developer would ask her privacy lawyer if the app is covered by one of the privacy acts. The lawyer would say „no“. Good news, the developer is free to go ahead with his app.
- In Europe, the default setting is „no“. Any processing of personal data is covered by the GDPR. The European app developer would need to rely on one of the exemptions of Art. 6 GDPR. If the lawyer says „yes“, there is consent, contract or legitimate interest, the developer will be able to take the next steps.
Compliance to the GDPR has been and still is a major challenge for many app developers. We estimate that, in Germany alone, companies have spent 375 mio. EUR in the past 12 months on legal fees for updating their privacy policies in order to be compliant with the GDPR. Nobody has profited from the GDPR as much as data protection lawyers and privacy professionals.
Approach in Draft e-Privacy Regulation
The Draft e-Privacy Regulation proposed by the European Commission might be the next great gift to lawyers and privacy Consultants.
For a detailed analysis of the Draft e-Privacy Regulation see:
Härting/Gössling
Study on the Impact of the Proposed Draft of the ePrivacy-Regulation
CRi 2018, 6-11
The proposal relies on consent and takes a different approach to privacy than the GDPR which is focused on necessity and legitimate interests. Should the proposed Draft e-Privacy Regulation be enacted, privacy policies will need to be reviewed, adapted, re-drafted. Great new business for lawyers but another major investment for app developers.
Future Default Setting for Communication?
Apps are all about communication. Messenger services, social networks, interactive games. It is not always humans communicating with humans but also machines to machines and humans to machines. When I use my favourite jogging app, communication is with a computer that is tracking and analyzing every step I take. When I use one of my restaurant reservations apps, I am communicating with the guys who will be serving my next meal.
- For Now:
The default setting for communication is Europe is presently „yes“. We are free to communicate, and the confidentiality of our communication is protected against surveillance and interference. - In the Future:
The Draft e-Privacy Regulation proposed by the European Commission wants to change the default setting. According to the proposal, any communication service – be it human-to-human or machine-to-machine – will be prohibited unless there is consent by all parties involved or some other legal ground listed in Art. 6 Draft e-Privacy Regulation.
This suggested change would be another major challenge to app developers. Red tape, additional compliance costs and a regulatory environment that regards communication and the app economy as dangers to European citizens.
Red tape and bureaucracy:Â The European Commission has also proposed a Directive on Digital Goods. According to this Directive, providers would be liable for defective services even when the app is offered for free. An additional burden for app developers as the Directive would create liability risks that will be hard to quantify.
Stop Now & Think
If the European Parliament wants to strengthen the app economy in Europe, default settings need to be clearly on „yes“. New legislation leading to additional compliance costs should be avoided. As far as e-Privacy is concerned, there needs to be a „stop and think“. In 2020, the effects of the GDPR are to be evaluated. Until then, the European app economy deserves a regulatory break.