As the Internet and technologies evolve, the number of risks is increasing and users want to know what is happening with the data they share on social sites, with their mobile applications or in other kind of online services. Due to the significant importance of data protection for all Europeans, including businesses, companies and citizens, the European Commission presented in January its proposal for a reform of the data protection law, which is not completely accepted by all stakeholders.
The proposal consists of a General Data Protection Regulation (GDPR) as well as a Directive, and both had generated several debates, discussions and questions since their presentation at the beginning of the year, explained Jan-Phillipp Albrecht, MEP and Rapporteur of the GDPR, during the 3rd Annual European Data Protection and Privacy Conference in Brussels.
“In Europe, data protection is a fundamental right and it's here to stay”, he said, adding that the new legislation must “be adjusted to the new challenges of the digital age.” Albrecht also highlighted that the GDPR will be clear and simple, based on previous rules to generate harmonisation within Member States.
The US Ambassador to the EU, William E. Kennard, also welcomed the new legal framework, by saying that both the US and the EU share two important values: privacy protection and the free flow of data. Besides, this is the perfect time to work towards a single digital marketplace, "we have an historic opportunity, policy makers on both sides of the Atlantic to work together to find common success", he stated.
But the welcoming was followed by comments considered “controversial” by the attendants. Kennard revealed that the US is concerned “to see that the draft regulation gives broad authority to the Commission to unilaterally prescribe technical standards for data protection (delegated and implementing acts), without the full participation of industry interests.”
According to him, “government-imposed standards often fail to keep up with technological developments and therefore have a tendency to slow down innovation.” The draft directive could have negative consequences on the EU Member States, the US and other countries, but this is not “the intent of anyone”, he continued.
Giving some examples, the Ambassador explained that the requirement of explicit consent of consumers is not feasible and that the implementation of the so-called Right to be Forgotten (article 17) could lead to “moral hazard, where defaulting parties demand that their credit histories be deleted, putting the European financial system at risk.”
Despite his point of view, Kennard stated that the US wants to work with the EU to achieve “global interoperability of data protection” and provide jobs, growth and good conditions for businesses to innovate in a global marketplace.
Christopher Graham, UK Information Commissioner, was also very clear with his words and said the regulation “it's sometimes over-prescribed and over-detailed but it's a modern text of best practice.” He added that British ICO welcomed that the Commission “appears to be listening” and highlighted that legislation should be concerned with “privacy, not process”. Besides, data protection officials shouldn't be considered as “ knee jerk enforcers.”
Viviane Reding, VP and Commissioner for Justice, Fundamental Rights and Citizenship, defended the important role of the proposal. "Good data protection rules are good for growth and society", she said, and added that one clear rule is needed to be implemented and create businesses across all Member States.
"Sanctions are needed to be the bite of the rules" and "business need to know responsibility is needed when handling data”, Reding said.
Maybe speakers don't agree in the way the new legislation will be enforced, but all of them concluded that data protection rules are needed to obtain citizens' confidence and to boost innovation in Europe.