New EU rules on data protection were presented by Commission Vice-President Viviane Reding in January 2012. In this context, the British Chamber of Commerce in Belgium and Cambre Associates organized a breakfast briefing event in the European Parliament. The event was an occasion for Members of the European Parliament (MEPs) and industry to exchange views on what impact revised rules on data protection could have on competitiveness in Europe and on various business models, as well as possible options for consideration by policy-makers. Over breakfast, the key issues debated were:
• How should the definition of personal data, the notion of consent, “codification” of the right to be forgotten, and the definition of profiling best be dealt with?
• What role is the European Parliament going to play to secure a competitive online business environment without unreasonable compliance costs while ensuring high protection of personal data and enhancing trust in online services?
• What main issues will the European Parliament fight for during the adoption of the revised rules to ensure a more efficient data protection framework, both for citizens and businesses?
The discussion outlined the impact the new data protection proposals will have on business. A revision of the 95 data protection legislation was needed. He introduced the main elements of the new data protection proposals. In future there will be one law that should bring legal certainty and overcome the current situation of fragmentation and barriers. Elements that should contribute are the limitation of bureaucracy, a one-stop-shop, one single Data Protection Authority to deal with, and the use of binding corporate rules. The challenge will be to make the proposals work in practice. He welcomed any further input.
Another point raised during the discussion concerned the fact that there will be friction and risks of fragmentation because of potential conflicts between the regulation and the directive. One should place the data protection discussion within a wider context of free trade and competitive markets, evolving technology developments (for example, profiling) and the risks these bring, and the need to protect consumers, civil liberties, etc. Data protection is an old notion. It should not be seen as a technical measure but as an invitation to companies to gain consumer trust by respecting consumers' rights, and as a means of further innovation. There is a need for a global approach, allies like the USA, and consumer protection and competition rules; data protection has economic consequences.
The discussion reflected an agreement on the importance of building trust, welcoming legislation (with reference to similar steps in the USA) and global interoperability (legislation should not all look the same, but the goals should be shared). Legislation is not the ultimate solution. Awareness raising amongst consumers and predictable enforcement are also needed. The proof will be to what extent the legislation brings harmonisation and better protection of the consumer. Particular attention should go to: creation of legal certainty (one-stop-shop), consistency, global harmonisation and interoperability, efficiency of the new rules and whether they deliver the sought outcomes, and the system of breach notification. However, the concept of main establishment has to be further developed to make the lead DPA model a reality. Technology needs to integrate privacy and security from the start; this is connected to the aspect of trust: if users don’t trust devices and new technology, they won’t use it, or will use it in a way that doesn’t maximize its potential. Two objectives were mentioned. First, the safe and free flow of data within the Single Market, but also the global flow of data from and to Europe. Second, increased data protection.
During the discussion, the idea of data protection and consumer rights as a cornerstone of the knowledge economy and new technologies, and as an essential element of the new industrial era, was supported. It could give a strong benefit to the EU as a business area. It was stressed that the new data protection system must be workable and that there is a strong case for cooperation to come to an efficient result. Principles are a good basis, but one should avoid too many descriptive rules. Context is essential in managing data protection and consumer rights.
The Q&A session focused on:
- the role and use of delegated acts and impact assessments
- the role of self-regulation, responsibility of business community in creating trust
- DPA discretionary power to investigate
- Pro-active industry engagement versus defensive attitude
- Collective responsibility to minimize bad behaviour
- Detailed rules and sanctions
- Need for proportionality
Speakers: Axel Voss MEP, Sophie in’t Veld MEP, Christophe Luyckx – Public Policy Manager, Europe, Global Public Policy, INTEL CORPORATION, Zoltan Precsenyi – European Government Affairs Manager, Symantec
Topic: Revised data protection rules: impact for businesses?
Tuesday, 24 April 2012 from 08.00-09.30