Can Business Innovation and Consumer Trust Coexist? European Data Protection Regulators Say Yes

November 19, 2019, 11:28 AM UTC

If data is as lucrative a commodity as oil, governments must address the regulation of technology companies just as they address oil companies.

For senior European data regulation officials at the Fortune Global Forum in Paris on Monday, Europe’s relative lag in technological innovation—and the role that data regulation may play in that lag—was “the elephant in the room.”

The regulators discussed the landscape since the implementation of the European Union’s General Data Protection Regulation (GDPR) in May 2018 and defended EU regulatory practices.

“We often say in Ireland there’s nobody whose granny doesn’t talk about the GDPR every day,” Helen Dixon, Ireland’s data protection commissioner, said at the forum.

The GDPR was implemented to give individuals more control over their person data and make sure businesses prioritize data privacy. The U.S. has no equivalent; the closest comparison is the California Consumer Protection Act, which is set to go into effect next year and will become the U.S.’s first-ever data privacy law.

In response to charges that government regulation can stifle technological innovation, the commissioner of France’s data protection authority, Marie-Laure Denis, said that she believes regulation will contribute to longer-term growth in Europe’s tech sector.

“I think our idea, and it’s the bet of the European authorities, is that [data regulation] can foster innovation and also [the] economy because digital economy will not grow, from a sustainable point of view, if there is no trust [between consumers and companies],” Denis said at the forum. “I think innovation can be compatible with data protection.”

Dixon said there is “no basis for such an assertion” that European tech innovation lags behind because of its data protection laws.

U.S. policies around venture capital funding and STEM education encourage innovation, and Europe needs to look at those policies, Dixon said. But data protection is “simply a framework to allow an organization do something in the right way, it doesn’t out and out prohibit anything.”

EU regulation does not ban companies from using consumer data, Dixon said; provided that the data are protected, “there are ways of legitimizing certain forms of personal data processing.”

In January, Google was fined by France’s data protection regulator for failing to comply with GDPR. The roughly $56.8 million fine may have been pocket change for the U.S. tech giant but, Denis said, the penalty was “not only symbolic, because behind […] that we are getting the firms to comply more and more, and also the users to be more aware of their rights, and make them exercise them also.”

More must-read stories from Fortune:

—China has always trailed the U.S. in chipmaking. In the trade war era, will it catch up?
—After record floods, Venice assesses the damage and braces for more
—The trade war cost U.S. farmers their China market. A deal might not bring it back
—Why Mercedes’s self-driving trucks are set to overtake its robotaxis
Catch up with Data Sheet, Fortune’s daily digest on the business of tech.