Data protection reform: more clarity needed for businesses

One of the hot topics of 2015 is the data protection and the revision of the General Data Protection Regulation.

Since the beginning of her mandate, the Commissioner for Justice, Consumers and Gender Equality Věra Jourová has made it clear that data protection reform is one of the top priorities both for her and for the whole Juncker’s Commission. For the Commission, the increased protection of personal data is one of the cornerstones for creating Digital Single Market in the EU that hides huge untapped potential for EU’s economy. The necessity and urgency of the reform is further supported by the Latvian Presidency of the Council of the EU, which announced its ambition to achieve general approach by the end of its mandate in June.

At the end of January, the European Parliament hosted a debate organised by the Federation of European Direct and Interactive Marketing (FEDMA) that focused on this topic and more specifically on one of the main issues of the reform: how to strike the right balance between the protection of personal data and the potential of data usage for businesses. The growing significance of personal data protection is also seen in increasing usage of tools that ensure higher level of privacy for internet users. MEP Anna Maria Corraza Bildt, Vice-Chair of the Committee on Internal Market and Consumer Protection stated that as for the Commission and Latvian presidency, data protection reform is the top priority also for the European Parliament, given that the final version of the legislation puts sufficient emphasis on privacy for EU citizens. She also acknowledged the current version of the proposal for including measures to increase children’s safety on the internet. Both the Commission and representatives of the private sector stressed that the regulation must not put excessive burden on businesses.

Data is the fuel of digital economy and it is expected that in 2015, big data technology and services will grow by several billion EUR; the EU should seize this opportunity in its endeavor to get the EU back on the track of economic growth. As mentioned by the European Data Protection Assistant Supervisor Wojciech Wiewiórowski, in 1995, when the first version of the data protection regulation was being prepared, businesses were afraid of it, but he is convinced that the legislative framework helped them in the end. He is sure that the same will happen with the new regulation. Self-regulatory principles and codes of conduct for various sectors should help businesses make the best use of the new legislation.

Furthermore, the proposal establishes the so-called one-stop-shop mechanism for businesses, providing that EU businesses will have to deal with only one supervisory authority instead of various ones for different member states. Due to this mechanism, companies should save both time and money when dealing with regulators while giving them higher legal certainty. However, according to EU businesses, the mechanism is not properly explained in the current proposal and creates confusion. Therefore, EU companies call for further clarification of the one-stop-shop principle, so that it is clear under which data protection authority each falls within.