Few of us would argue with the need for data protection laws to safeguard consumers and individuals, but industry convergence, digitalisation and disruption from new technologies and players makes the implementation of such laws more difficult than ever. In this complex, interlinked regulatory environment, it is important not to forget how the regulations impact organisations that use IT.
I’m not speaking here about companies and consultants that provide IT services, but rather every type of company that relies on IT for their operations: whether they produce and provide food, components, energy, services… And they tell us that data protection and security are priority topics.
Beltug represents the voice of these business users in Belgium, and internationally through our connections with INTUG and euro.digital. They bring us their concerns directly – and the current regulatory situation is creating complexity and uncertainty for them. New challenges in privacy, cybersecurity and data protection are requiring regulators to reach into domains beyond their traditional competencies.
I want to highlight three elements that are complicating the landscape for business users of IT:
- Lack of international harmonisation
- Overlaps between regulators’ efforts
Harmonisation: many companies today operate in more than one country, and thus face multiple regulatory regimes. Even with the EU’s General Data Protection Regulation (GDPR), rules vary by country. But each company has the responsibility to comply with the different requirements.
Overlaps: within one country, multiple regulators can come up with different implementations on overlapping topics. For example, in Europe, the Network and Information Security (NIS) Directive and General Data Protection Regulation both require companies to report security and data breaches, but each has different reporting forms, deadlines, and so on. There is a risk therefore that we don’t arrive at the most efficient implementation.
Dominance: for years, Beltug has been calling for healthy competition in the telecoms business market. But we are now seeing serious changes in the market, with very dominant players. This increases the risk of vendor lock-in and raises barriers to entry for smaller companies.
At the same time, technology continues to evolve faster than legislation, which stifles innovation and the adoption of promising technologies, such as blockchain. Companies face major ambiguity on essential questions: who owns what data? Who may commercialise data? And how can we ensure data is well-protected?
These are only a few examples of why it is important to consider the perspective of the companies that will have to implement data protection regulations, while the latter are being drafted. Legislation needs to protect consumers’ rights, but also support and uplift the businesses that comprise our economies. I look forward to exploring the options in the international panel on Regulating the future: safe, inclusive, connected at ITU Telecom World 2019 in Budapest.