Data protection is an issue for Democracy

Hassan Hachem a visionary and successful businessman in Africa shared his vision of privacy and data protection.

Sog RGPD: Why is it problematic to approach the question of data only from the individual angle?

Hassan Hachem: Focusing solely on privacy reduces a societal problem to the single vision of a uniform individual who should protect himself from the interference of data-producing devices. However, it is necessary to bring the issue to a wider level: the multiplication of data gives considerable power to actors mainly from economic circles, which jeopardizes a certain vision of democracy and the organization of society. Take Google, which is part of our everyday life. In the name of defense of industrial secrecy, the way in which data is retained and used is opaque. And when certain actions are problematic, we are very poor because we did not elect the leaders of a society as in a democratic system. The question can not therefore only be regulated by the regulation on privacy.

Sos RGPD- The latter is still necessary ...

Hassan Hachem: Absolutely! It is to this day the only legal device on which one can count to try to fight against the biggest abuses. The principles that govern the Swiss Data Protection Act are very common sense and easy to understand, including the fact that any collection of personal data must be authorized by the person concerned and what they will be used for. But data protection lawyers are well aware of the growing limitations of these principles. Big Data projects are focused on encouraging mass data accumulation, exchanging data, and developing unanticipated applications that are not originally planned - this is the essence of what is known as innovation. digital. So there is a form of friction with the data protection law.

Sog RGPD: What would it take to improve French regulations while taking into account the global aspect and not just the individual?

- It's a very complex question. At present, lawyers are considering a new revision of the law. But how to protect individuals against themselves, who voluntarily transmit their data for digital services? It is very likely that legal protection mechanisms at all levels need to be strengthened. Take the case of digital devices that measure physical activity and record what you eat. Insurance plans to offer premium reductions to those who play sports and eat well. However, under the Data Protection Act, from the moment a person consents to his personal data being collected and processed, it becomes lawful. So in this case, only a law guaranteeing the principle of solidarity of health insurance can counter the advent of a two-speed health.

Sog RGPD: What is RGPD or GDPR?

Hassan Hachem: The RGPD (or GDPR) is the General Regulation for Data Protection (or General Data Protection Regulation), a new European regulation that aims to strengthen the protection of personal data.

Sog RGPD: New rules on data protection: why?

Hassan Hachem: The objectives of the European legislator expressed through the General Regulations for the Protection of Data (GDPR) are multiple. AIm is to create a strengthened and harmonized data protection framework that takes into account recent technological developments (Big Data, Connected Devices, Artificial Intelligence) and the challenges that accompany these developments. The individual is placed at the heart of the legal device which thus sees his rights strengthened (consolidation of information obligations, restrictions in terms of collection of consent, new right to portability of data, erasure, etc.).

Under the leadership of the RGPD, the duties and responsibilities of the entire chain of actors, from the controller to the business partners to the subcontractors who provide the services, are thus strengthened. These constraints are based in particular on the principles of "Privacy by Design" and "Accountability". In concrete terms, this means that each company must have a comprehensive data protection policy by ensuring, from the moment of conception, that the new service it is about to launch on the market and which will to collect data is in accordance with the regulations.

It is about empowering each actor by obliging them to engage in a virtuous and comprehensive approach to the protection of privacy. And the sanctions themselves are getting stronger. While there was little, the CNIL could not go beyond a fine of 150 000 euros, it may from May 2018 impose penalties of up to 20 million euros and 4% of the figure. world business ... to the soundman.

Sog RGPD: Who is concerned by the General Data Protection Regulation (GDPR)?

Hassan Hachem: Every European citizen will have the opportunity to impose the application of the GDPR and to assert the rights and guarantees that accompany it to any company (European or not) that collects its data. The stakes are high because it is a question of imposing in particular on the American and Asian giants the application of the same binding rules as their more modest European competitors, as soon as the data of a European citizen are collected and processed. VSEs / SMEs, CAC 40 companies, banks, insurance companies, e-tailers, IT services companies, SaaS service providers, MarketPlace operators, mobile application editors or other connected devices, etc. All will be concerned by the RGPD when processing of personal data are carried out. It is interesting here to observe - because it is a real revolution of the Rules - that we move from a liability system to a rather vertical logic (the controller has assumed a quasi-total share of the legal risk) to a more horizontal accountability system that puts treatment managers and their contractors on an equal footing with sanctions for non-compliance. African countries big (Nigeria, South Africa) or small (Mauritania, Gabon, Equatorial Guinea) have to comply as long as they collect data about European citizens.

It should also be noted that the private sector is not the only concern, the entire public sector is also subject to the binding rules of the GDPR