集微访谈 | Tobias Judin:危!数据传输或受限,以色列ICT产业前途不明

来源:爱集微 #集微访谈# #数据保护# #以色列#
1.5w

集微网消息,在往期的集微访谈栏目中,爱集微有幸采访了挪威数据保护局国际部的负责人Tobias Judin。他在数据传输和保护等方面拥有丰富的经验,曾代表挪威参加欧洲数据保护委员会。集微访谈就关于以色列政治改革及数据保护等方面提出了一系列问题,并收到了十分有启发的答复。

问:就像最近几年,就像最近几周,papaya global这样的公司他们的首席执行官宣布公司计划从以色列撤资。以色列的这一政治变化对大部分投资的深远影响是什么?

答:我认为这是非常非常有趣的,因为现在很多在以色列的大公司都表示,只要它继续保持民主政体和当前的政治制度,他们都很乐意在这里投资。如果发生改变,他们就会离开。问题是,我认为以色列即将发生变化,主要是,或者也许是,在以色列的其他地区,也许是在以色列更多的宗教地区。但这对经济发展贡献不大。

所以我认为,如果真的发生什么改变,以色列的经济发展将会非常困难。因为以色列是一个大的科技经济体,如果他们失去了这些科技公司,情况就会变得大不一样。

那以色列会怎么做?比如,如何维持他们的人民和经济?所以这不仅仅是政治问题,这也和经济有很大关系。我认为这确实会危及他们的经济。这会影响以色列的信用评级,使得它各方面的利息升高,这意味着普通以色列人民的钱会减少,本质上说是因为抵押贷款变得更加昂贵。

这对以色列人民来说将是一个糟糕的局面。他们会如何应对这个新的财务现实?事实上很多以色列人都有多重国籍,我想约有10% 。对这些人来说搬家也很容易。然后还剩下什么?

问:他建议如果以色列的法官等不再表现出公正,那么以色列在未来重新评估其立场时将不符合欧盟标准。吓坏了很多在那里有业务的科技公司。那么它会产生什么影响呢?你认为对半导体行业会产生什么影响?

答:这也很有意思,因为很明显,有很多以色列公司在全球或者在欧洲等其他市场都有业务。但是,如果一家以色列公司本来在欧洲经营,但改革后就无法继续了,会发生什么呢?首先,他们肯定能向以色列发送人力资源数据,但无法发送客户数据了。

但问题是,他们为什么要留在以色列?因为如果一个以色列公司不能够真正交换他们的数据,那他们就很难在其他市场运营。

我认为这可能会给其他国家带来好处,因为突然之间,以色列公司可能会举步维艰,需要为了符合新规或者搬迁投入大量资金。而其他国家的公司可能没有这个问题。因此,这也影响着竞争状况。

比如生产儿童产品的以色列公司,还有很多在处理个人数据的以色列公司,他们的产品就是处理个人数据。

对他们来说,这将更加困难,因为他们将需要把业务转移到欧洲或其他地方。因为事实上,在一个不合乎要求的国家,为了使个人数据的传输合法化,就需要做很多事情。

问:如果看待欧洲数据保护委员会和欧盟数据理事会将在夏季宣布数据法案

答:这是个很复杂的问题。2020年欧盟法院认为美国的监管太具入侵性,因此我们需要停止向美国发送欧洲的数据。随后,欧盟与美国就此事进行谈判,事实上,美国对其法规进行了相当大的修改来缓解这个问题。因此现在我们正在评估美国修改后的法规是否符合欧洲标准。

这其中有很多细节,非常复杂。我认为事情正朝着好的方向迈进,因为美国方面进行了非常积极的改变。欧盟委员会将尽早做出决定,可能会在今年夏天。但我认为,基于这些正向的改变,欧盟有可能会批准新的机制,我们可以重新开始向美国发送数据。但这也存在挑战,因为欧盟委员会只代表一家观点,其他人可能不同意,因为还存在其他问题。总是会有问题。所以我认为这个问题还需法院审理。所以在这种情况下,法庭有最终决定权。就是这样。

问:你能详细说明一下GDPR如何运作执法模式?

答:我们在欧洲有所谓的一站式机制和《通用数据保护条例》。从本质上讲,假设你有一家公司设在某个国家,但他们的客户遍布欧洲。让我们假设它是社群公司,就像脸书和Instagram

他们在爱尔兰成立。如果在挪威有人想投诉他们,他们可以来找我们。我们可以将投诉提交给爱尔兰国家保护委员会,他们会进行调查。于是我们就有了这种合作。如果有人与挪威公司有纠纷,我们会收到投诉,我们可以帮助他们投诉,即使他们在瑞典或西班牙或其他地方。这很好。

就不公平的负担而言,问题是许多大公司都位于少数几个国家,其中大多数公司位于爱尔兰。这意味着爱尔兰同事的执法负担更大,因为他们都是大型科技公司。这些案件往往是最大和最复杂的案件,也是公众和媒体最感兴趣的案件。所以他们承受的压力肯定要大得多。

然而,例如挪威的大型国际公司很少,压力更小。如果你看看挪威和爱尔兰,这就有点不平衡了,因为两国的人口差不多。但他们还有很多案子要处理。所以有些奇怪的是,一些最大的案件最终只发生在一个国家。

问:在全球电动汽车行业中有一个流行的术语,如软件定义的汽车,就像提出对数据保护的担忧一样,以概括 GDPR 将如何影响欧洲的电动汽车市场。

答:所以这些汽车紧密相连,有很多传感器,收集了很多个人数据。因为实际上关于司机的数据也是个人数据。所以本质上,《通用数据保护条例》将一直适用于处理和个人数据,这意味着突然之间,你无法对我们的传感器数据做任何想做的事情。有时候,你需要得到司机的同意才能收集这些数据。分享这些数据可能更加棘手,特别是如果你想把这些数据发送到海外。

公司有时没有考虑到的是,如果司机想要访问个人数据或删除个人数据,或者把个人数据放到不同制造商的不同汽车上,比如,他们是否真的有适当的系统来行使他们的权利。有时我们在实际生活中看到,并不是所有的制造商都有这样的好系统。

这实际上意味着你需要非常注意数据的使用方式,因为它实际上是关于司机的数据。这是他们的数据。你需要尊重这一点。

是的,你可以想象,它有很多用途。假设一家汽车制造商收集了司机的数据。然后假设他们想和保险公司合作。他们会把所有的司机数据分享给保险公司,然后保险公司会说这些人是好司机,这些人开车太快或违反规则太频繁。我们不想给他们投保,或者他们需要支付更高的保险费。所以当数据被共享时,它实际上会以意想不到的方式影响人们。或者如果他们向当局分享了数据呢?

问:下一个问题,来自不同国家的越来越多的监管机构正在努力应对这些侵入性数据项目、实践的挑战。他们中的许多人将此问题视为国家安全。因此,您是否担心数据保护标准会更加分散,并可能被用作地缘政治的杠杆

答:真是个好问题。我觉得两者都有。例如,我们现在看到广告行业有很多公司在监控我们在网上做什么。然后他们就会泄露 数据,出售数据。如果接收这些数据的人是一个与我们没有合作关系的国家呢?如果这个国家不支持这些数据呢?所以广告公司没有把我们的最佳利益放在心上。从安全角度来看,这实际上是一个问题。但是你说的很对,数据保护也可能在某种程度上被滥用,你说我们有严格的数据收集法,但这并不是真正的保护隐私。这是为了确保没有人得到我们的数据,因为我们需要这些数据。关键在于找到平衡。

但我想说的是,我们正在取得一些进展,例如,欧盟有自己的法律,对吧?但是我们实际上可以批准其他国家,就像我们对以色列做的那样。我们也和日本、韩国以及拉丁美洲的一些国家进行了合作。本质上,我们想说的是你有不同的法律,你们也有政府获取数据的方式等。但我们仍然认为这或多或少是在同一水平上,是成比例的。尽管我们的法规不同,我们仍有必要交换数据,比如我们可以把数据从欧洲发送到新西兰,尽管新西兰在世界的另一端。

越来越多的国家获得了批准。我们称之为充分性决定。实际上,我觉得现在数据共享正在增加。我们说,如果有安全问题,我们不会和你共享数据。但如果你的当局是以一种透明和适当的方式使用数据,那么你可以获得我们的数据,即使可能会出现问题。所以这要视情况而定。我认为你需要单独考察每个国家,但数据共享肯定是在朝着正确的方向发展。

以下是采访原文(英文):

Q: So my next question will be, so like recent years, like in recent weeks, companies like papaya global. So it's ceo announcing that the company plans to withdraw funds from Israel. As did Israel bc bounds just disruptive and disruptive ai what's your opinion? Like, what would be the profound impact of this political change in Israel on the majority of the investment?

A: Yeah, I think this is very, very interesting, because essentially a lot of the companies, the big important companies in Israel, now saying we're happy to invest here as long as you maintain the democracy and the current political system. If you change it, we will go away.

And the thing is, I think that the changes that may be coming to Israel, they will mainly, perhaps please, other parts of Israel, maybe the more religious part of Israel. But that's also a path that does not contribute so much to the economy.

And so I think it will be very difficult for Israel from a economical point of view, if the changes actually go through, because Israel is a big tech economy, if they lose their tech companies, they could go somewhere else.Then what will Israel do? Like? How will they sustain their people and their economy? So it's not just about the politics. It's also very much about the economy. And this could indeed endanger their economy.

So I think it will affect Israel's credit rating, which could increase the interests in his role, meaning that common Israeli people would have less money, essentially, because the mortgages become more expensive.And so it would be a bad situation for the people of Israel. Like, how will they deal with this new financial reality? Actually, a lot of people in Israel have dual citizenship. I think 10 % of the population had dual citizenship. It's also easy for them to relocate. And then what will be left?

Q: My third question will be, he suggested that if the like the judges in Israel no longer appear impartial, then Israel will not meet the eu standard when its position is reassessed in the future. He scares a lot of tech companies who have business in there.

So what impact would it have? Actually do? You think would be on the semiconductor industry?

A: So this is also very interesting, because obvious ly, there are a lot of Israeli companies that have in a global presence or operate in other markets, such as the European markets. But if let's say, an Israeli company operate in Europe, and then Israel is no longer adequate because of the reforms. What will happen? First of all, they will necessarily be able to send their data to Israel. They won't be able to send customer data to Israel.

Then the question is, then why should they stay initial? Because it will become very difficult for a company, an Israeli company to operate in other markets if they cannot actually exchange their data.

And I think it will maybe give other countries benefit, because then suddenly Israeli companies will maybe struggle a bit more and need to spend a lot of money on compliance may be relocate. Whereas other companies may not have that issue. So it affects kind of the competition situation as well.

And then one thing is just normal an Israeli companies offering products or kids. You actually also have a lot of Israeli companies that are working on personal data like the product is doing something with personal data.

And for them, it will be even more difficult, because they will then need to maybe move their service to a different place, maybe to Europe, maybe somewhere else. Because actually, if you're in a not adequate country, there are so many things you need to do in order to make a transfer personal data lawful.

Q: What if the European Data Protection Board and the EU Data Council will announce data laws in the summer?

A: Yeah, so it's a very complex matter. So in 2020, the court of justice of the European union said that American surveillance was too intrusive, and therefore, we needed to stop sending European data to to the US what has happened since is that there have been negotiations between the EU and the US and the US have actually changed their legislation quite a bit to mitigate the issue.

So what we are now assessing is whether these changes to their surveillance laws, whether they are sufficient to meet the European standard.

And there are a lot of details and it's very complex. I think that we are definitely going in the right direction. There have been very positive developments from the US side. So let's see. It's the European commission that will formerly take a decision, maybe this summer. But I think with all the positive changes, there is a chance that they will approve the new mechanism, and we can start sending data to the US again.

But there is also a challenge here, because the European commission that's just one voice, and other people may disagree, because there are still some issues. There are always some issues. So I think it will go to the court again. So in this case, I think the court will have the final say. Right.

Q: Can you elaborate on how the GDPR works as an enforcement model?

We have this thing called the one stop shop in Europe and the GDPR. Essentially, let's say that you have a company that is established in one country, but they have customers all over Europe. And let's say that it's meta, like Facebook, Instagram, what's up the metal companies?

They are established in Ireland. If someone in Norway wants to make a complaint against them, they could actually come to us. We can refer the complaint to Ireland, the irish state of protection commission, and they will do the investigation.

So then we have this kind of cooperation. If someone has an issue with the Norwegian company, we will get the complaint and we can help to complain it, even though they are in Sweden or Spain or whatever. So that's good.

In terms of the unfair burden, the thing is that many of the biggest companies are all situated in a few countries, and most of them actually in Ireland. That means that Irish colleagues have a bigger enforcement burden because they have all the big tech companies. Often those cases are the biggest cases. The most complex cases, the cases that received the greatest interest from the general public and from the media. So the pressure on them is definitely a lot bigger.

Whereas, for example, in Norway, we have very few big international companies. We have less pressure. There's kind of like an uneven as especially if you look at Norway and Ireland, because our population is more or less the same. But they have so many more cases to us. And so it is kind of weird that some of the biggest cases end up just in one country.

Q: Electric vehicles are becoming more and more intelligent and personalized, so is driver data still safe?

A: And so these vehicles, which are very much connected and have a lot of senses and collect a lot of personal data, right? Because actually data about the driver will also be personal data.

So essentially the GDPR I will always apply to that processing and personal data, which means that so suddenly you can't do whatever you want with our sensor data. Sometimes you need consent from the driver actually to collect those data. And for sharing those data could be even more tricky, especially if you want to send those data overseas.

What companies sometimes don't think about is what if the driver then wants to have access to the personal data or delete the personal data, or put the personal data to a different vehicle from a different manufacturer, like, do they actually have the systems in place to deal with the exercise of their rights. And sometimes we see in practice that not all manufacturers have good systems for this.

It actually means that you need to be very mindful of how we use the data, because it is actually data about the people driving, right? It's their data. You need to be respectful of that.Yeah, you can imagine and there are many uses for this. So let's say you have a car manufacturer collects data about the driver. Then let's say they want to cooperate with an insurance company. So they share all the driver data with the insurance company, and then the insurance company will say these people are good drivers. These people drive too fast or they break rules too quickly, and we don't want to ensure them or they need to pay a higher premium. So when the data is shared, it can actually affect people in unexpected ways, right? Or what if they shared with the authorities?

Q: Will international data protection standards be more dispersed or used at the level of political management?

A: What an excellent question. I think it's a bit of both. So for example, what we are seeing right now in the advertising industry is that you have a lot of companies that are kind of monitoring what we're doing online. And then they are just giving away the data, selling the data. What if the people receiving those data is a country that we don't have a cooperation with? What if it's a country that doesn't necessarily support it, so doesn't have our best interest in mind.

It is actually an issue from a security point of view. But you are very right in pointing out that it could data protection could also be misused in a way and say that we have this strict data collection law, but it's not really about protecting privacy. It's about ensuring that no one gets our data because we want them for ourselves. It's about finding that balance.

But what I would say is that we are making some progress in terms of, so for example, EU, we have our laws, right? But we can actually approve other countries as being adequate like we did with Israel. We have also done that with, for example, japan and south Korea, and also several countries in Latin America.

Essentially, what we're saying is that you have different laws, and you also have government access to data, et. But we still think that it's more or less on the same level and is proportionate. It's necessary that way we can actually exchange data, even though we have different rules like we can send data from Europe to New Zealand, even though it's on the other side of the world.

And there are more and more countries gaining that approval. We call it adequacy decisions. So actually, I feel like right now, data sharing is increasing. And we're saying that we won't share data with you if there are security concerns. But if your authority is operating in a way that's transparent and proportionate, then you can actually have our data, even though there may be issues. So, yes, it really depends. I think you need to look at each and every country individually, but it is definitely going in the right direction.

责编: 武守哲
来源:爱集微 #集微访谈# #数据保护# #以色列#
THE END

*此内容为集微网原创,著作权归集微网所有,爱集微,爱原创

关闭
加载

PDF 加载中...