Modern society is experiencing an unprecedented “data boom”, fundamentally altering and adding sophistication to all human activities, which are thus becoming ever more information-driven. Numerous studies convincingly show that such “data universe” in full expansion impacts businesses (which need to understand and adjust to a dynamic environment), as well as consumers (which are both the fundamental source and the ultimate beneficiaries of shifting commercial trends). In 2012, The Boston Consulting Group estimated that the volume of global data transactions increases annually by 45%, which means that the data volume doubles every one–and- a- half years.

As a relevant dimension of this process, the history of internet browsing indicates that the total internet traffic has experienced an outstanding growth in the past two decades. In 1992, global internet networks carried approximately 100 GB of traffic per day. In 2002, that amounted to 100 GB per second, while in 2015 global internet traffic reached more than 20,000 GB per second (http://www.cisco.com/c/en/us/solutions/collateral/service-provider/visual-networking-index-vni/vni-hyperconnectivity-wp.html). This data and information revolution brings about new economic, social and ethical challenges, as individuals become not only consumers, but also providers of a very valuable asset: their personal data, often referred to as “the new oil” which the industry is keen to process for powering-up lucrative operations. As illustrative as this comparison may sound, one must keep in mind that personal data is not a resource waiting to be harvested and exploited. Use of personal data needs to be calibrated so as to ensure the protection of fundamental rights, especially privacy and data protection, without affecting economic expansion. On the one hand, consumers whose data are harvested by the industry have a legal right that their personal data be used for legitimate purposes, which the consumers are duly and timely made aware of. Consumers expect that, when handling their personal data, the industry makes sure such data is protected against misuse.

Statistics show however that there are considerable worries about privacy, and these worries can negatively affect the business. On the other hand, given the high commercial potential of personal data, the industry may see rules on protection of personal data as an obstacle to their development.

This social and economic environment requires public policy makers to create a legal framework which would allow the industry to use personal data in a sound and fashionable manner, so as to protect the legitimate interests of the data subjects. Finding the right balance between the legitimate expectations of data subjects and those of the industry is crucial, and the legal framework needs to set the stage for mutual trust between the two sides.

In 2012, the European Commission launched a comprehensive reform of data protection rules in the EU. The official texts of the new legal framework in the field were published and are expected to be applicable starting with May 2018. It is the intention of the Commission to empower individuals to reclaim control over of their personal data, to simplify the regulatory environment for business, and to enable European citizens and businesses to fully benefit from a digital economy (http://ec.europa.eu/justice/data-protection/).

In any case, no matter how much the new regulatory rules succeed in bridging data subject’s rights and the industry’s interests, trust needs to be earned through sound commercial policies, able to show that protection of personal data is a priority for the industry also. Needless to say, data protection creates significant costs to the industry; according to an impact assessment prepared in 2013, the EU data protection framework imposes on European companies an administrative burden totalling EUR 5.3 billion (http://www.ivir.nl/publicaties/download/1350) Despite that, companies need to understand the importance of the matters and adopt policies that would ensure protection of personal data.

Also, while e-commerce made significant inroads into the hearts and minds of a new generation of consumers, the electronic environment is yet to become a safehaven for consumers’ data and money. With cyber-attacks becoming ever-more sophisticated, the industry must invest significant resources in the security of the data they are processing.

Not least, protection of personal data needs to be factored-in when designing employment policies. Employers have to adopt proper regulations ensuring that their employees feel protected and respected, and that monitoring employees’ performance at the job does not intrude on their personal life. All these challenges increase the importance of personal data protection for the actors involved. “Data” got “Big”, so that data protection rapidly emerged from a marginal topic into a mainstream concern for data subjects, industry, policy makers and legal experts.

This article was first published in Just in Case, an electronic magazine by Țuca Zbârcea & Asociații (http://www.tuca.ro). To read the entire article, please go to: http://www.tuca.ro/just_in_case/