On 21 November John spoke to the European Forum for Manufacturing in a dinner debate at the European Parliament. The forum brings together policy thinkers, industry experts and legislators to explore challenges and opportunities facing the manufacturing sector. The debate, entitled "Digitising Construction Machinery - the role of research funding and regulation", took place in the context of the continued debate over the use and misuse of personal data by digital corporations, the data privacy regulation and the implementation GDPR.
This is John's policy paper, republished from the EFM event papers and website, accompanying the talk:
John HOWARTH MEP, (S&D, UK), Regional Development Committee
The E-Privacy Regulation: a potential obstacle to digital machines
Events in recent years and months have raised concern among consumers on the security and priviacy or personal data. To those developing application that depend upon the availability of and use of mass consumer data this is a double edged dilemma. Without a data privacy framework in which consumers are confident both the quality and quantity of data available to innovators declines. Thus consumer confidence in the security and privacy of their data is paramount.
This is the context for any debate on the reasonable limits of data use. The major IT companies have long since understood that when consumers lose confidence in a service dealing with their data, they lose confidence in the service as a whole. In the past 12 months it has become a priority in this parliament. The e-Privacy Regulation, and with it the GDPR which has just entered into force, are political necessities to protect citizens and allow them to make informed decisions about the use of their data.
However, by expanding the scope of privacy legislation beyond the remit of traditional telecommunications companies, we run the risk of jeopardising innovation in sectors which require mass data, but not necessarily personal data, to produce intelligent solutions. The challenge for EU legislators is to find a balance.
e-Privacy State of Play
The Commission proposal was published in January 2017. It aimed to update the scope of existing legislation to include new forms of electronic communications, as well as streamlining legislation with the updated GDPR. New forms of electronic communications include Machine-to-Machine communications (M2M communications), becoming increasingly prevalent in the manufacturing sector through developments in AI. A manufacturer employing digital machines which communicate with each other may have to comply with the proposed regulation.
The European Parliament position has sought to mitigate the spill-over effects of including M2M communications. Recital 12, governing M2M communications, highlights: “the transmission of machine-to-machine communications involves the conveyance of signals over a network and, hence, usually constitutes an electronic communications service.” This supports the Commission’s assertion that the proposed regulation cannot offer comprehensive data protection to users if it does not cover M2M communications at all.
However, the Parliament position goes on to clarify what constitutes an electronic communication for the purposes of the regulation, stating: “... it should not however apply to machine-to-machine communications that have no impact on either privacy or the confidentiality of communications such as transmission between network elements”.
The Council is still to adopt its general approach and has discussed at length the issue of digital machines. The most recent compromise text reflects the Parliament position in reiterating that M2M communications normally constitute an electronic communication. It remains to be seen whether the Council will also advocate an exemption for those M2M communications which do not process data which has an impact on user privacy.
The use of digital machines in manufacturing
The use of digital machines and the Fourth Industrial Revolution will transform the nature of production. In the future manufacturing processes could include interaction between machines and computers dealing with CAD, big data analysis, and manufacturing processes such as 3D printing and laser cutting. However, in theory such processes could undermine individual privacy, as data is passed from one machine to another during manufacturing processes.
In this context it is unavoidable that machine-to-machine communications are subject to rules regarding privacy of communications. However, a blanket requirement for user consent in ALL machine-to-machine communications would severely limit the ability of manufacturers to realise productivity gains from the use of digital machines and artificial intelligence.
The challenge for legislators
The challenge for us, as Members of the European Parliament, is to find a delicate balance between reassuring citizens of their high levels of personal privacy, whilst ensuring that communications which have no real impact on privacy are not subject to counterproductive rules and consent processes.
In this respect the work of the European Parliament would seem to heading in the right direction. It would not be correct simply to exclude M2M communications from the scope. If our personal data was unprotected as soon as it is passed from one device to another, citizens would lose confidence in privacy legislation and service providers. It is therefore in everyone’s interest that data is protected throughout all processes.
The question is rather that of scope, and what do we consider to be sensitive communications which need protecting? More work needs to be done to refine this definition, but the solution of including M2M communications, with a clear exemption for those communications which are essential to the functioning of digital machines but have little to no impact on data privacy.
Another solution explored in the Council would be to differentiate between different data processes in M2M communications, with only the transmission of data considered to be in the scope of the e-Privacy regulation.
Conclusions
The legislative process on the e-Privacy file has not yet concluded, and it is not clear at this point what will the final result look like. What is clear is that any option put forward must satisfy three conditions. The legislation must:
- Increase consumer confidence in the privacy of data as Artificial Intelligence and the Internet of Things become more prevalent in our daily lives
- Anticipate technological developments and avoid unnecessary spill-over to domains with little relevance to the protection of privacy
- Provide business with legal certainty as to which M2M communications are within the scope and therefore subject to privacy rules.
If the Council adopts an ambitious text the overall result will be an effective protection of user privacy, and need not be an obstacle to innovation and digital machines.