While personal data breaches keep cyber security in the headlines, the topic of privacy lacks the drama of a high-profile hack. That is a shame, since privacy and cyber security are closely related. Privacy is usually defined as the right to be left alone, and in a digital age, this includes freedom from having one’s personal digital information scrutinized and used.
Privacy is shaped by cultural and ethical norms. Because these vary, countries typically enact data protection laws, which provide legal frameworks for how companies can collect and process personal data that could be used to identify a person.
Most of these laws were written when the Internet did not exist and data was protected by physically securing hardware and peripherals. But the laws are finally catching up with the technology. This week, the European Union’s General Data Protection Regulation (GDPR) will force companies to meet stricter requirements when handling personal data.
Huawei believes that this European law will quickly become a global norm. As customers begin demanding that companies protect their personal data everywhere in the world, Huawei is adjusting our data handling processes to comply with GDPR requirements around the world. We believe other multinationals will soon do likewise.
Implementing the EU rules worldwide is both doable and smart. Adhering to a single global standard of data protection is cost-effective, whereas setting up multiple programs for different regions would be ruinously expensive. A single global approach will also make it easier to launch global products and services.
Many countries already use European law as the basis of their own legal systems, especially those with close ties to Europe. Some may adapt GDPR for their own use, while others use it as a template for seeking an EU “decision of adequacy,” meaning data can flow freely to those countries, allowing domestic business to compete easily in the European market. As more people do business with companies that have adopted GDPR, they will come to expect the same level of protection from every company. A lower standard will constitute a competitive disadvantage.
Companies that operate globally could, of course, opt to handle European data separately – segregating the data, adhering to a patchwork of local laws, and creating unique processes exclusively for European customers. But this approach would inhibit the creation of global products and services, driving up costs and preventing companies from converting data into valuable business intelligence.
Moreover, a two-tier approach might not satisfy European regulators, who might reasonably worry that data could leak from a system with higher standards into one with weaker protections. Such concerns would invite regulatory scrutiny and possible audits.
Certainly, a two-tier approach would not work for companies headquartered in Europe, since the wording of GDPR states that the law applies to European companies regardless of where they operate, and no matter whether the data in question belongs to a European citizen. And a two-tier approach is unlikely to placate increasingly security-conscious consumers, who will prefer doing business with companies offering the strongest data protection possible.
For all these reasons, Huawei’s consumer group is rolling out a global data protection program that incorporates GDPR requirements into our business processes worldwide. Where there are stricter laws (such as data breach notification laws in the US), we have added those requirements to our processes. This strengthens data protection for our customers no matter where they are, or how their local laws are written.
More information about our data protection and privacy policies will be released in the coming months. Although the details are still evolving, we expect that this approach will reduce our costs, make it easier to launch new products and services globally, and protect our customers’ data while demonstrating compliance with GDPR.
Smart multinational companies will follow suit. Their customers around the world will expect no less.
