As announced, on 25th January the European Commission adopted the long awaited proposals for review of the EU legal framework for Data Protection
The review package is composed by a Communication, a Regulation (which repeals the Directive 1995/46/EC), a Directive (which repeals the Council Framework Decision 2008/977/JHA, for the former third pillar matters, that means police and judicial cooperation in criminal matters), and a Report based on this Council Framework Decision.
Although the proposals have now to be adopted by the Council and the European Parliament following the co-decision procedure and a long process and many changes to the current texts are expected, the Commission’s proposals make significant steps towards:
- Leveling the playing field among all ICT players offering goods and services to citizens in the European Union as well as
- Responding to businesses’ and citizens’ needs for more harmonization in order to achieve a true digital single market.
The proposal for a Regulation introduces new obligations for the data controllers such as the new right to be forgotten, the right to data portability, the mandatory designation of a Data Protection Officer within companies, a mandatory obligation to notify security breaches (the ePrivacy Directive did already establish this obligation for e-communications services providers, now the Regulation extends this obligation to all sectors).
It also includes the processing of personal data of a child below 13 years that will require the authorization of the child's parent.
Additionally, the notion of consent is defined as "any freely given specific, informed and explicit indication by which the data subject, either by a statement or by a clear affirmative action, signifies agreement to personal data relating to them being processed".
It is also relevant to highlight that the proposal includes in case of non-compliance with the rules, the infringing enterprise faces fines up to 2% of its annual turnover.
It is of outmost importance that the future rules on consent be consumer-friendly, practically applicable and adapted to the online world as new business models do rely on innovative ways of seeking consent. The future privacy rules in the EU need to strike the right balance between data protection and innovation.
Telefónica will continue to cooperate with the European institutions during the whole process bearing in mind this relevant objective.