An official website of the European Union. See all European Institutions
Ladies and gentlemen,
Thank you for inviting me to this great University - the oldest higher education institution in Chile.
It's also my honour and a great pleasure to come on my first official visit to this region and visit this country first. I think both Chile and Europe have a lot in common and I was very glad to see Chile as a first country from this region to join the OECD.
I would also like to welcome very much your constitutional amendment of your Constitution last year that made data protection a fundamental right. This is a recognition that the citizens, we need strong privacy rights and cannot be just looked at as potential consumers.
When this University was founded in 1842, students could only dream of the digital technologies we have today. Now they are an important part of our daily lives.
More than that. They are revolutionising everything we do – the way we work and travel, how we stay in touch, and the way we learn.
The digital world is a world of opportunities. No doubt it has improved our lives. And it makes it easier to trade and it offers many opportunities for economic innovation.
Autonomous cars, smart cities, progress in medicine, education or security ... But on the other hand, it raises plenty of legal and ethical questions about fundamental rights, trust, and the role of humans in an economy driven by tech.
We have become acutely aware that the internet can also influence our lives in ways unknown to us. We have more difficulties to distinguish real from unreal, true from fake.
For instance, the internet has made it much easier for people to join the political debate. But the recent Facebook/Cambridge Analytica scandal was a wake-up call that raised serious concerns about our collective freedom as voters and politicians. Personal data of millions of users were stolen and then used by political consultants to discover people's fears and target them with political propaganda.
I must stress that if we want to continue to enjoy the benefits the digital transformation offers, we must ensure that it fully respects our core values and fundamental principles.
In Europe we cherish our freedom, our democracy, equality, and the rule of law. They are the foundations for a strong Europe.
We share these values with you in Chile. We also have great trade relations. Indeed, my visit to Chile almost coincides with the 5th round of negotiations for a modernised Association Agreement with the EU.
In Chile, in Europe and in many other places in the world, we are facing difficult questions: are the tech giants too big to handle; should they be broken up; are our competition rules up to speed with today's reality; do we have tools to protect our privacy; how do we maintain trust in the digital economy; how do we shield us against modern cyber-threats?
We have reached a moment where it has become clear that the dialogue between politics and technology is not only unavoidable, it is necessary.
And countries that cherish common values, that recognise data protection as a fundamental right, like Chile and the EU, need to work together to shape the global rules of the game or others will do it for us.
In Europe I have been working on many of these questions as the EU Justice Commissioner for the last 5 years. Our approach was a careful one.
We didn't want to overregulate the Internet or put heavy obligations on platforms. On the contrary, we wanted to support the digital innovation. One of our key flagship initiatives is the creation of a Digital Single Market in the EU.
But we knew that trust in this project would only work if we offered citizens the control in their digital life, and end the digital Wild West where ‘everything goes'.
Let me first tell you a little bit about our European approach on this, before I share with you some thoughts on how we should handle these challenges in the future.
So, in my work I have used two simple principles:
First – there are important differences in illegal and harmful content based on the level of threats to the society. One principle should always apply though: what is illegal offline, must be illegal online.
Second – we have to be careful about regulation because legislation is not always the best way to solve all the problems. I am a fan of a more light-touch approach and of effective solutions.
Values and ethics
Despite all the transformational changes we witness, I think we must not forget who we are. We must cherish our basic foundations which are democracy, freedom, fairness and the rule of law.
And we must aim to become competitive in the digital economy while preserving those values.
The European Union is an area with a high protection of safety and fundamental rights, which ensures that technology is both ethical and trustworthy.
In Europe we have decided that technology should be human-centred and value-based.
Yet, many of the tech champions were labelled as disruptors. They wanted to ‘move fast and break things' often regardless of those core values. We saw that these were not always guarantors of a happy future for all and that more responsibility was needed.
Some of those companies started to change, but the only long-term solution I see is for a democratic society to take control of this process and put people at the centre of the technological revolution. And the politicians and indeed the tech companies have their roles to play to make that happen.
New type of social dumping
It is estimated that hundreds of millions of jobs will disappear by 2030. I read for example that Microsoft imagines that by 2038 personal digital assistants will be trained to anticipate our needs, prepare us for meetings and drive cars. This means a lot of job losses, including among some among my team.
In exchange new jobs will be created, I am sure, but it is clear that all these things mean huge societal change and social challenges, not only for the labour market but to our lives in general.
We have to watch out on the effects on society, whether a new type of digital poverty and social exclusion will be created by all this.
Especially, that I think the trust to those that lead this revolution today has eroded and created anxiety rather than enthusiasm.
It is important to address those fears. The adaptation of skills for jobholders and for the next generation to get ready for this next important technological step will be key.
Data protection and privacy
On the regulatory side in Europe, we decided to adopt a set of modern rules on data protection known as the GDPR. The new regulation aims to reconcile two key things: give people more control to restore trust to digitalisation whilst opening channels for modern innovation following the principle of privacy by design.
We must not ignore the lost confidence in the tech revolution. Two-thirds of Europeans (67%) are concerned about not having complete control over the information they provide online. I see the same is true in this region of the world. According to a recent survey; probably due to the recent scandals and massive data breaches, a majority of people around the world are more concerned about their online privacy than they were a year ago.
This mistrust could have an impact not only on the future of digital technology, but also on the development of Artificial Intelligence or on any type of big data research. That's why I see modern privacy rules as a competitive differentiator and as an economic advantage.
GDPR is a wide-reaching and technologically neutral regulation. When we started this process in 2012 many people thought we were “foolish” because in the age of social media privacy is obsolete.
Now, the GDPR is one year old and the first conclusions are that it is working well.
First of all, now we finally have one set of rules for the entire Europe. One continent – one law. This harmonised and simplified regulatory environment is particularly beneficial for smaller players and foreign operators, as it means a significant reduction in compliance costs and red tape. Instead of having to deal with 28 different data protection laws and 28 different regulators, since May of last year one set of rules applies to their operations in Europe and is interpreted in a uniform way throughout the continent.
We are starting to see positive trends when it comes to innovation and data security or when it comes to citizens making a more active use of their rights. As one senior corporate official from a tech company put it: “people are finally asking the right questions about where their data is stored and what companies are doing with that data”. This is about being data subject rather than data object; this is about being a citizen, rather than just consumer.
Many people, including tech CEOs themselves, admit that the hands-off approach to privacy doesn't work any longer. We hear from the social media platforms that they would welcome a GDPR standard globally, and that they want even more regulation and we see that many countries in the world are discussing horizontal privacy rules.
My main reason to come to Chile was to discuss exactly that – global convergence. If we have similar solution to the problems, it will be easier for us to ensure free flow of data that is becoming indispensable for trade, but also for the innovation dominated by AI and big databases. And if we join forces, it will be easier to influence the global debate and international fora, at a time when there is an increasing demand around the world for common standards.
That's why I am observing with great interest the debate in Chile about your new privacy law. It's not my place to tell you what to do. You will take the decision in a sovereign and democratic way.
What I can offer is my experience in introducing such a law in Europe and the impact it has already had.
Studies indicate that companies benefit from their privacy investments. These benefits include fewer losses from data breaches, quicker sales and innovation through the offer on the market of new products and services with novel privacy and data security solutions. We see these products often developed by smaller and medium-sized companies.
In short, the Europe's data protection law, the GDPR, is an opportunity for business and a means for individuals to build trust.
But even the best rules need strong, effective and independent enforcement.
Let's go back to the Cambridge Analytica scandal as an example. The data of 87 million Facebook users were exploited. Our colleagues from the British Data Protection Authority dealt with this case and they ruled that Facebook was clearly liable since "A company of its size and expertise should have known better and it should have done better," and fined the tech giant half a million pounds for the data breach.
While it was the biggest fine available to the British authority at that time, let's be honest, it is peanuts for a company like Facebook. That's why the fines must be appropriate and dissuasive. I hope they will never be used, but the threat has to be real.
On the international stage, we can see the reflection of this type of thinking. Chile's President was recently in Osaka at the G20 leader's summit. I was very pleased to read the final leader's statement that recognised the importance of data protection as a trade enabler. The leaders agreed that we do need data flows with trust, because otherwise people, the citizens, will not embrace the digital revolution.
This is particularly relevant in the context of modernising Chile's and Europe's Association and trade agreement.
I trust that through these negotiations we will be able to build further on our common values and standards and bring tangible mutual benefits to our citizens and businesses alike. I hope that our dialogue on data protection will support the modernised deal and bring Chile and Europe even closer together.
Online content and responsibility of platforms
But legislation is not the only thing we do in Europe to shape the digital age. As I said, I don't think that regulation is the best way to solve all the problems. Regulation is one of the possibilities, but we first have to explore all the options available on the menu.
When it comes for example to online content, we wanted to preserve the freedom of expression and the possibility for platforms to offer an open space for exchange, but we also wanted them to start fixing the problems they themselves helped create.
We adapted our response to different types of content. The bigger the potential online harm for the people, the faster and stronger the reaction should be. Terrorist content and child sexual abuse images are the biggest threats. That's why we proposed legislation to remove terrorist content within one hour from when the content is flagged. And if these obligations are not met there will be fines.
Then, for illegal hate speech such as racism and xenophobia that is banned in all Member States by European law, I worked with platforms on the voluntary Code of Conduct to ensure that the rules that apply offline are also respected online.
And we achieved good results quickly and rallied all actors around the common understanding of the fact that some things are simply illegal – offline as well as in the online environment. This approach proved to be effective.
And on disinformation and fake news which can have negative effects and where we have to respect that it is not illegal “to lie”, we want to cooperate with platforms, with the media and the NGOs, fact-checkers to be able to detect, to expose and to react. In fact, with all 28 governments we have created a rapid alert system to learn from each other and warn each other.
We have worked with online platforms on a voluntary basis to create a code of practice on disinformation, meaning impose more transparency on political advertising and detect better foreign manipulative campaigns, run also by fake accounts and bots.
This helped us also to be better equipped against massive manipulation in the recent European Parliament elections. But disinformation campaigns remain a big issue of concern for society, and the discussions continue in the EU.
Artificial Intelligence is another important part of tech revolution.
What makes AI special is that it can improve all sectors of our economy and our everyday life, just like electricity or automation did. The main potential of AI therefore is versatility.
On the one hand, we want to embrace the fantastic opportunities and make Europe a good place for research and investment in this technology and a place that does not lag behind others, in particular the US and China.
On the other hand, we have to ensure that people trust it and we must address people's concerns. The privacy legislation, the GDPR, provides some answers, but not all.
That's why we have started thinking what else we can do, starting not by regulation, but by bringing people to the table.
We have asked a group of experts to develop AI ethics guidelines. The idea is to offer a concrete operational tool for industry for the development and use of AI.
Once we have seen how far the guidelines take us, the Commission and the Member States must, as a second step, stand ready to monitor developments, including at national level.
We are also looking into liability in the AI context. In March last year a first pedestrian was killed in Arizona by an autonomous car. Once this technology is in full swing, the consumers and citizens must know who is liable. The car owner? Manufacturer? Or one of many software providers?
So, what's the way forward for the tech revolution? Will it lead us to a better future or rather turn our lives to an episode of Black Mirror.
In the public debate, I see some questions appear that in my view miss the real issues.
To break up Facebook or not – is not the right question. To regulate tech or not – is also not the right question. They are too narrow and won't solve the issues that that are ignited by the tech revolution.
The big question we should try to answer is what place tech should have in our society.
I believe we need to change our mind-set and apply the rules that we have for the offline world in the online environment.
But we have to consider very complex questions: what kind of policy mix do we then need and want? How much should be left to self or co-regulation versus legislation? To what extent should we rely on ex-post enforcement compared to more ex-ante forms of regulation?
We need to have a systematic approach to decide where and for which aspects we need regulation, and if we do, whether it's better to focus on self-regulation and how to agree on a system of compliance with our values.
An architect needs to respect and comply with the building code and a number of safety legislations. For the digital world we should think of a similar system, a mix of ethical, legal and societal norms that would ensure continuing trust in the greatest revolution of our lifetimes.
In the new Commission, I am sure that responses to tech challenges will be high on the agenda, and that an initiative on AI will be one of the first big items to be discussed.
Here are some ideas on what we should be focusing on in the next mandate of the European Commission.
First of all, we should continue to follow 'the people's first' approach. Technology should be predominantly for the people, not for profit or growth. I don't believe these have to be exclusive, though.
Also, we should not allow for bias, discrimination or any use of algorithms that would be contrary to individual rights.
At least for some applications, we should think of installing black boxes, like on the planes, which can record everything happening in the AI system, so we can work out what happened if things go wrong.
And beyond AI, it is clear that we need to have a debate about basic principles how digital services are governed by platforms, in particular how to ensure greater safety and trust.
Then, we should think of how to make those companies pay fairer share of the tax. For some time I had doubts myself, but now I am convinced we need some form of digital taxation. The money sourced from this tax should go to the problems created by digitalisation or to the digital literacy and education for our youth.
Also, I want to make sure that Europe is a place that embraces innovation and allows for ideas to grow.
We have to find a way to allow start-ups to innovate and to grow in a stricter regulatory environment in Europe. We could think of lessons we learn from the fintech industry and think of regulatory sandboxes for start-ups when it comes to privacy or data not to scare people away from Europe.
And whatever regulation we come up with, we have to get better in assessing its impact on SMEs. Or to put in differently, if we try to solve problems created by Facebook or Google, we shouldn't punish SMEs.
Talking about those two companies it becomes obvious that they start occupying almost a dominant position on the market. But because their value is based on gathering data, they do not easily fit within our classic competition rules.
The digital giants broke many barriers, yet the enforcers still look at them from their more classical point of view: data protection, consumers and competition.
Those three aspects merge more and more when it comes to activities of the platforms and enforcers should start looking also at connecting the dots.
To be clear: I am not saying, let's break them up. It's a catchy slogan, but it is really a nuclear weapon. And nuclear weapons are not there to be used; their strength lies in their dissuasive effect.
We have other tools at our disposal. We need to think about new synergies in their use. For example, in some situations, competition and data protection rules can complement each other to lower entry barriers to highly concentrated markets for smaller competitors.
Another thing is that our data is not something these companies can own.
We should think about ways to make those companies more transparent and accessible to others. Some time ago we decided to open up telecoms monopolies by forcing them to share their infrastructure with competitors.
This does not mean necessarily making the personal data accessible, which may raise legitimate privacy issues. But maybe it's time to assess if the algorithms that are run thanks to our personal data should be made more accessible or more transparent.
The technological revolution will continue to have an impact on our societies for years to come. And there could be many problems along the way.
I have always advocated a common response to global challenges. And in view of our shared values of democracy, respect for human rights and fundamental freedoms, and our great trade relations, it is logic to me that the EU and Chile join efforts to find convergent solutions.
By working together, we could make our voice heard around the world and lead the way in shaping the digital age.
If we oppose, neither of us will benefit.
I am quite sure I know what outcome I prefer!
Let us look forward to upgrading our strategic partnership, including in digital matters!