Toespraak van minister Van der Steur op de Internationale Privacy Conferentie (IPC)

Toespraak | 29-10-2015

Chairman Kohnstamm,

Ladies and gentlemen,

Thank you for inviting me to be here with you today.

This location – the Amsterdam Passenger Terminal – has a history spanning 150 years. In 1875 this island was built to accommodate ever-larger ocean-going steamships from the United States.

A lot has changed since then. The berths have been refurbished. The terminal building has been modernised. And the number of ships, the luxury on board and the number of destinations have increased many times over. Hundreds of ships moor here every year. Cruise ships that cross the oceans, just like those old steamers did in 1875.

But today, there is a more going than ever before, underneath their keels, on the bottom of the sea. Not far from here, on the Dutch coast near the town of Katwijk, is the landing point for the TAT-14 cable, the transatlantic communications link between the United States and Europe.

There is no port. There are no berths. And there’s no passenger terminal like here. But every second, this cable carries more data and personal information about more people than all the passengers who use this terminal in an entire year.

It is up to all of us – policymakers, public servants, business people, ICT experts and scientists from both sides of the ocean – to keep this information flowing as freely as possible. Only in this way can the internet help make us freer, safer and more prosperous.

I'm delighted that you have all come to the International Data Protection and Privacy Commissioners Conference to talk about this challenge. This conference couldn't have come at a better time. The attention for the protection of our privacy is growing. In the Netherlands, in Europe, and in the rest of the world.

Only 3 weeks ago, the European Court of Justice declared the European Commission’s Safe Harbour Decision invalid. The Netherlands has concerns about the impact of this ruling. On our economy, our companies and our entrepreneurs.

The ball is now in the Commission’s court: it needs to come up with an effective arrangement. And from what I understand from Commissioner Jourová’s reaction to the ruling, they are working on this already.

As a government minister, I feel strongly that this important matter should be properly debated.

Ladies and gentlemen,

I have read the Privacy Bridges report that is in the spotlight today. I read it with great interest and I was impressed, to say the least. But that’s not surprising:

The report was written by experts from MIT and the University of Amsterdam.I wouldn't expect anything less from these excellent universities, with a strong international reputation.

What appealed to me most was the author's practical approach. There are no legislative programmes that take years to implement. Instead, there is a plan for building bridges effectively between European and US data protection policy. Very inspiring.

Not only because it offers opportunities for both Europe and the US. But also because this concept is a blueprint for working with other continents too.

I'd like to mention2 of the bridges discussed in the report.

First, bridge number 7: best practices for security breach notifications.

Last month we saw the first large-scale attack on the Apple App Store. The store was infected by malware. Hackers tricked developers into downloading counterfeit software, making it possible for them to steal sensitive data.

This is a wake-up call. Large-scale data breaches like this one are a hazard for individuals, companies and public authorities. We need to understand them, so that we can arm ourselves against them.

Security breach notification laws help companies and people take measures to protect themselves and secure their personal data more effectively. And they help privacy watchdogs decide when an incident should be investigated further.

Bridge 7 advises authorities on both sides of the Atlantic to work together when multi-nation breaches occur. This includes improving law enforcement practices, sharing information and aligning their breach notification regimes.

It is my firm conviction that everyone – companies and consumers, public agencies and private citizens – will benefit from this. We need to learn from each other’s breach notification regimes.

One way is for policymakers to compare our breach notification laws. Another way is for companies and organisations to share their best practices, so that breaches can be identified sooner and shared more quickly.

So, there is a lot of work to be done! And I’m looking forward to getting started. Let's move on. Bridge 9 recommends launching a dialogue between Europe and the US with a view to coordinating regulatory activity. This would be useful, especially with new developments that can have a major impact on our privacy.

Drones is an obvious example that comes to mind. It is mentioned in the report as well. The increasing use of drones is a multifaceted development. Drones are practical: they can aid the military, the police and the justice system in their efforts to protect society. They are profitable: they give businesses – from Amazon to local pizza delivery services – a new market with potential for new profit sources and lower costs.

But there is also an ethics element: drones give individuals, companies, and organisations a pair remote-controlled eyes. I believe it is useful and necessary for the EU and the US to have a dialogue about drones and privacy. I believe it would be good for the protection of our data. And I believe it would also be an effective way to give companies and entrepreneurs scope for creating a successful drone market.

I'm going to do my best to initiate a dialogue about drones. My colleague, the Minister of Infrastructure and the Environment, and I want to put this on the agenda during the Dutch EU Presidency in the first half of 2016.

Of course, we can't do this without the European Commission. And that's why Dutch civil servants are already working with their European colleagues to explore the possibilities for conducting a dialogue on this issue.Dialogue is the first step. A step towards improving data protection. A step towards better business opportunities. And a step towards more opportunities for building bridges between Europe and the United States when it comes to protecting our privacy.

We'll know in time if this first dialogue produces results. But I’m optimistic.

Ladies and gentlemen,

I began my speech by taking you back to 1875. Back to the time when ocean-going steamers docked here in Amsterdam. The people who came ashore brought stories with them. Experiences. Ideas.

And that process was accelerated by the invention of the telephone, the aeroplane and the internet. But the essence is the same: by talking to one another, sharing experiences and spreading ideas we can bring the world – Europe, the United States, and all the continents – closer together.

With that in mind, I wish you a very productive conference. Thank you.