GDPR and the World Cup have these 4 things in common

This article is brought to you thanks to the strategic cooperation of The European Sting with the World Economic Forum.

Author: Adam Schlosser, Project Lead, Digital Trade and Data Flows, World Economic Forum

The world will look at Europe as a game changer twice within the next month: first on May 25 then again on June 14. The latter date marks the start of the World Cup where Germany is tipped to be the first team in nearly 50 years to repeat as champions, and 6 of the top 8 favourites are European countries. May 25 represents the application date of the General Data Protection Regulation (GDPR), which will institute a host of new rules and requirements to raise the standard of how personal data is treated with a goal of empowering people within the EU. It may seem as if the World Cup and GDPR have little in common besides upcoming start dates. But that’s not the case. Here are four things that are important for both a successful World Cup and a successful GDPR implementation.

Football players must constantly practice to acquire new skills and techniques to keep up with emerging tactics from other teams and stay at the top of their game. Similarly, data protection authorities must ensure that they are constantly working to develop new insights and understandings and provide evolving guidance to ensure a static regulation like GDPR is able to keep pace with and adapt to emerging technology. This is essential because some of the very features of GDPR that make it a groundbreaking regulation are the same features that may serve to limit adoption of new technology. Start with blockchain, which has been touted as the solution to everything from trade finance to cancer to global warming. One of the core benefits of blockchain is immutability as data cannot be deleted. Yet that seems incompatible with GDPR Article 17, the right to erasure, more commonly known as the “right to be forgotten, ” which requires data controllers to delete data when requested by the data subjects, an important goal.

The best World Cup teams must be highly in sync with players aligned in their roles on the pitch. Along these lines another major benefit of GDPR is the streamlining of previously divergent data protection rules across the European Member States. Yet it’s essential that May 25 isn’t only a momentary spasm of alignment, but that the Member States remain in coordination because there are several places where derogations are allowed that might lead to a patchwork of rules if efforts aren’t made to remain streamlined. Notably, this includes medical and health data, where several articles and recitals expressly allow, and even seem to encourage Member States to make their own rules.

The best football teams always remain in a formation. But there is no single formation that can be considered the best approach. The most skilled coaches are able to identify which formation maximizes their team’s talent. Much like a 4-4-2 or 3-4-3 might be the best formation depending on additional context of players and opponents, it’s important to note that while GDPR is a substantial step forward in enhancing data protection, it’s not necessarily the single most appropriate approach for the rest of the world, especially as governments have very different levels of development and culture and values.

With a new data protection regulation just passed in Japan, proposed in India, and long contemplated in Brazil, there are a number of major governments updating rules. Moving forward it’s important to recognize that the end goals of all these data protection rules is an essentially equivalent goal of ensuring a high level of protection for consumers and empowering more control, even if each approach allows for different means to get there. Recognizing that different approaches may yield the same strong results will lead to more interoperable frameworks and raise the bar for everyone.

Finally, have you ever noticed how teams at the World Cup don’t celebrate and congratulate themselves at halftime? Regulators, industry and citizens mustn’t rest on their laurels by merely passing GDPR, but must continue to work together to make sure they’re able to provide a strong level of protection while meeting consumer expectations and enabling innovation. Collaboration is critical when 75% of Data Protection Authorities, the independent authorities who supervise information privacy in their countries, say they aren’t yet prepared to meet their GDPR duties.

Just because there is uncertainty doesn’t mean that GDPR won’t make a major difference. GDPR truly represents a game changing moment. After all, how often are regulators compared to Messi and Ronaldo?