The European Commission recently submitted to the European Parliament and the European Council an assessment report of the General Data Protection Regulation (GDPR) over the past two years of implementation. The British “Financial Times” revealed that the report believes that the GDPR, which has been in effect for two years, has proved difficult to implement, and it has placed a particularly heavy burden on small and medium-sized enterprises and those developing new technologies.
In the two years since its implementation, the biggest benefit to GDPR has been Internet companies, especially the super Internet platforms that have the most personal data. They certainly want to collect and monopolize personal information and data to the maximum with the lowest system threshold, the lowest cost, and be free from Restrict development and use. It is not surprising that it has criticized the GDPR.
As the most important and landmark institution building in the half century since the birth of the Internet, GDPR involves complex issues, touches on the interests of great interests, and has a far-reaching impact. It is certainly unrealistic to expect it to be immediate and perfect within two years. From the perspective of outsiders, the progress and impact of GDPR over the past two years are actually impressive enough. Although it has touched the significant interests of Internet companies, major global Internet companies and multinational companies have joined the policy adjustment of GDPR compliance in a timely manner and serve as a unified, fair and non-discriminatory data reporting standard worldwide. GDPR is the basic framework for data protection legislation in major countries such as the United States, China, and India. Regardless of the framework or details, including the implementation details during the new crown epidemic, the highlights of the GDPR are prominent, which largely make up for Europe’s past weak development in the Internet field, forming a three-pronged triumph of China, the United States and Europe with their own strengths and complementary advantages. Momentum.
Although nominally focusing only on the European mainland and targeting European citizens, GDPR directly affects all Internet platforms and indirectly affects global Internet users. The GDPR can be called a “declaration of independence” for netizens. For the first time, the data protection system has established the basic rights and interests of netizens in cyberspace and established the dominance of netizens over their own data. Today, with the rapid development of the Internet, it has rebalanced the increasingly unbalanced power among Internet companies, governments, and the public. In order to curb the trend of global cyberspace data abuse, it ends the out-of-control status of personal information and privacy protection in a timely manner. Provides a key legal system. At the same time, GDPR alleviates the increasing threat and impact of information technology on society, and it is a good institutional guarantee for the upcoming artificial intelligence to drive the intelligent transformation of the entire society.
Over the past two years, around the GDPR, there are some domestic views that strengthening data protection will hinder innovation. The underlying line is that the European Internet lags behind the United States and China, and focusing on protection is one of the main reasons. In fact, Europe has long attached great importance to system construction, and its position is recognized globally in terms of the multi-stakeholder model in the field of network governance, the right to forget information, antitrust, and the recent digital tax that is being exchanged between Europe and the United States. The lag in the development of the European Internet is fundamentally determined by the fragmented nature of the European market. However, the industry is still evolving rapidly, and Europe’s past development disadvantages do not necessarily determine the future. As the development of the Internet enters a new stage of data-driven intelligence, the basic protection of data will become an increasingly critical factor.
So far, in terms of data protection, we are facing the risk of wanton information dissemination. Can information achieve “group immunity” under laissez faire and out of control? The answer is no. Out of control of personal information is a godsend for illegal criminals; for every citizen, it is a threat to personal privacy, personal property and even the safety of life; for the country, it is to enhance people’s sense of gain and build social credit Challenges of the system, improving social governance capabilities and governance modernization.
China’s personal information and data protection is still lacking a complete system. In fact, it has been allowed and allowed for so many years. Almost every Chinese has experienced harassment and damage caused by data misuse and loss of control to varying degrees. The GDPR provides good enlightenment for China’s data protection: it is necessary to increase investment in system construction and strive to learn international experience; intensify efforts in talent construction and strengthen international cooperation.
Of course, the overall enforcement of GDPR has remained cautious and restrained in the past two years. Even Facebook, which has suffered a major data breach such as the “Cambridge Gate”, has not so far taken action. At the same time, the real situation of user data protection has not fundamentally changed. The next assessment report is four years later. We look forward to the GDPR’s excellence, and also look forward to the outstanding performance of the Personal Information Protection Law and Data Security Law, which have been incorporated into the legislation of the National People’s Congress of my country.