Data protection at Milipol Paris
- 70+ exhibitors in 2021
- 1,000 visitors in 2021 (8% of the attendance)
- Thematic conferences on national and European sovereignty, on the Internet ecosystem and the fight against terrorism
- A secteur represented in the "cybersecurity" category of the Milipol Innovation Awards
- Many products:
- Transmissions, communication and positioning solutions (jammers, audio surveillance, recorders, transmitters-receivers, tracking equipment)
- Cybersecurity (encryption, data processing and analysis softwares,...)
- Identification solutions (biometry, counterfeit detection,...)
They were there in 2021
Article - Data protection: between regulation and a tool for influence
The data protection authorities met in September 2022 to discuss international issues concerning personal data protection and ways to strengthen their cooperation. France and Germany alerted their partners to the challenges of data transfers in the context of international data spaces.
Data protection: between regulation and a tool for influence
The data protection authorities met in September 2022 to discuss international issues concerning personal data protection and ways to strengthen their cooperation. France and Germany alerted their partners to the challenges of data transfers in the context of international data spaces. The role of privacy and data protection authorities in setting up and promoting an ethical and cultural model for AI governance was also on the decision-makers’ agenda. But beyond the regulatory issues, data also play a part in terms of influence, fuelling the economic warfare of the 21st century and reshuffling the geopolitical cards.
Towards an ethical and cultural model for AI governance
The G7 data protection authorities, which form a real entity for promoting privacy at international level, met together in September 2022. Building on discussions launched in 2021, authorities representing Canada, Germany, Italy, Japan, the UK, the US and France discussed transfer instruments regarding international data spaces. These included certification mechanisms, privacy enhancing technologies (PETs), de-identification standards, the principles of minimising data and limiting purposes in the context of commercial surveillance, and the role of data protection authorities in promoting an ethical and cultural model for AI governance. "A free, global, open, interoperable, reliable and secure Internet can only exist with democratic values and human rights. Data protection is a key element in this respect. Within the G7 framework, we will strive to promote legal similarities and high standards of protection in international data transmission instruments," said Professor Ulrich Kelber, Federal Commissioner for Data Protection and Freedom of Information (BfDI) of the Federal Republic of Germany. These statements reflect the initiative taken by UNESCO and the first recommendation adopted by its 193 member states on artificial intelligence ethics at the institution's General Conference in November 2021.
Open data represent not only a technological but also an economic, scientific, democratic and political challenge. "Economic, because data are a source of value and a lever for innovation. Scientific, because they are a vehicle for knowledge. Democratic, because they help the general public to understand the challenges facing society. And political, because they help to foster confidence in public action," says Marie-Laure Denis, President of the CNIL (French data protection authority). While this promotes data sharing that has respected privacy from the outset, she adds, "Data protection can be perfectly compatible with open data: it's all a question of balance.”
Europe pulls out all the regulation stops
A balance that finds an initial response in regulations: Europe’s area of excellence. After the GDPR, the ePrivacy Directive and Open Data, Europe is strengthening its regulatory arsenal with the DMA (Digital Market Act), the DSA (Digital Services Act), the DGA (Data Governance Act) and the DA (Data Act). Since 2019, the European Commission has been developing its strategy to create a digital data market that facilitates innovation while strengthening user protection. "The European legislative package on digital services now requires mixed data governance. The aim of the Digital Market Act is to make the digital space healthier and more competitive, benefiting both private and professional users," says Paul-Olivier Gibert, President of the AFCDP (French association of data protection officers). Adopted on 4 July 2022, the DMA will come into effect by March 2023 at the latest. In the event of non-compliance, penalties could amount to 10% of global turnover and up to 20% if the offence is repeated.
Meanwhile, the Digital Services Act aims to improve the environment for online services in Europe by protecting users and combating illegal content, manipulation and disinformation. The final version of the DSA, adopted in June 2022, will come into force by 1 January 2024. Penalties could be as high as 6% of annual global turnover. The Data Governance Act (DGA) and the Data Act (DA) deal with mixed (personal and non-personal) data, which may include trade secrets and data concerning industrial protection. The DGA was adopted in May 2022 and will come into force on 24 September 2023. The Data Act, which received its first reading in the European Parliament in February 2022, would only apply from 2024.
The EU is committed to promoting European leadership in the global data economy and protecting European values and interests in this digital market by encouraging data re-use and data altruism. This is a fairly subtle reference to the balance mentioned by the CNIL: "In the event of a health crisis or natural disaster, we must also give public authorities of any kind the right to order a private company to access certain databases for well-defined purposes, under strict supervision," says Malte Beyer-Katzenberger of the European Commission's DG CONNECT.
Anonymisation: a paradigm shift
The tremendous potential of open data should not make us forget the risks inherent in open data under no control. How can anonymity be guaranteed? Can artificial intelligence reproduce certain inequalities? How can sensitive data be revealed without citing them? "If you want to use data while protecting individual privacy, you employ anonymisation," says Yves-Alexandre de Montjoye, Professor at Imperial College London. "The principle is simple: breaking the link between the person and their data. The GDPR no longer applies to anonymous data or when the person is no longer identifiable." And if the question of guaranteeing anonymisation arises, the professor once again suggests a paradigm shift: "Anonymisation should no longer be seen as a fixed state of a dataset that has been anonymised once. We need to invest in new techniques such as Query-Based Systems or Differential Private noise addition and challenge them continuously, while keeping to the legislative framework," he says.
Influence and geopolitics at stake
Data are not only a major economic, social and political issue, but also a major security and sovereignty issue. A real legal battle is being waged against a backdrop of economic warfare with an estimated value of some $410 billion. This is what the Big Data industry will represent in 2025, according to the report of the Chinese Ministry of Industry and Technology’s 14th five-year plan.
Then there will be no holds barred, and protectionism, the extraterritoriality of laws, countermeasures, smart power and sanctions will come into play. "Influence, not to say interference through the offensive use of smart power via information warfare is central to America’s and China’s strategies. The new media and digital data processing tools are becoming increasingly effective geopolitical weapons of smart power," says economic and legal intelligence specialist Nicolas Bouchou.
In this game, though Europe intends to fight, it may well have bowed down before the current crisis. Renegotiating the now invalid Privacy Shield agreement, the European Commission signed an agreement with the US at the beginning of the year suggesting that, although negotiations began more than 18 months ago, we are on the point of exchanging our data for energy resources, particularly gas. "Europe quickly needed to secure its supplies of US oil and gas and in doing so was persuaded to establish a new Privacy Shield with an accelerated timeline. Political and economic reasons are driving this this initiative, but the new version of the transatlantic agreement cannot avoid addressing concerns raised by the European Court of Justice and the European Data Protection Committee, as indicated in the latter's recent statement. Although the Committee's opinion is only advisory, since it can neither suspend nor bind the European Commission, specialists believe that it would be politically difficult to finalise an agreement that obtains anything other than a favourable opinion," says Nicolas Bouchou.
Japan: a special partner
Live from the 28th EU-Japan summit in Tokyo in May 2022, the leaders announced that they would be consulting even more closely on combating hybrid threats. They intend to expand their practical cooperation in areas like cybersecurity and the fight against disinformation. The cooperation also includes maritime security and crisis management, as well as non-proliferation and disarmament.
On this occasion, EU and Japanese leaders launched the EU-Japan Digital Partnership, aiming to ensure a successful digital transformation that provides "solidarity, prosperity and sustainability". This digital partnership will help the EU and Japan achieve their common goals of secure 5G and 6G, safe and ethical applications of artificial intelligence, resilient global supply chains for the semiconductor industry, green data infrastructures and digital skills development for workers. Japan will now be the venue for the G7 data protection authorities’ meeting in 2023.