In 1995 the EU adopted the Data Protection Directive (officially Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data) to regulate the processing of personal data within the European Union. However, in the last 15 years, globalization and technological progress have deeply changed the way data is collected, accessed and used. In addition, the 27 EU Member States have implemented the 1995 rules differently, resulting in divergences in enforcement.
For these reasons, and in order to strengthen online privacy rights and boost Europe's digital economy, the European Commission proposed on 25 January 2012 a draft European Data Protection Regulation that will supersede the 1995 EU Data Protection Directive. In words of the European Commission, “A single law will do away with the current fragmentation and costly administrative burdens, leading to savings for businesses of around €2.3 billion a year. The initiative will help to reinforce consumer confidence in online services, providing a much needed boost to growth, jobs and innovation in Europe.” The European Commission’s proposals will take effect 2 years after their adoption by the European Parliament and the Council.
Another relevant aspect of this issue is to take a global approach. Therefore, the dialogue with the US perspective is essential to find adequate ways to tackle an effective data protection reform.
Within this context, Commissioner Reding gave a key note speech at last week’s Annual Conference on Data Protection and participated at the Workshop organized by MEP Gallo (EPP-France-Opinion Rapporteur in Legal Affairs Committee).
In both events Reding stressed the importance of the ongoing Data Protection reform because of the economic and global dimensions of data protection. She justified 4 key aspects of the reform that should be good for business:
- Regulation (instead of a Directive) to achieve more harmonization in the EU
- One-stop-shop principle (designed to be simple and practical for companies)
- Consistency mechanism to ensure legal certainty
- Administrative sanctions (high sanctions as a deterrent for companies - “a robust administrative sanction system is needed to promote growth”)
Reding also referred to the concerns raised (by industry and Member States) on the administrative burden imposed by the Regulation and on the risk of a public/private sector split (Germany is asking that the public sector is “removed” from the scope of the Regulation). These two issues are high in the political agenda. She also justified the use to delegated and implementing acts as a way to avoid a too prescriptive Regulation. EC is analyzing every delegated/implementing act in order to see if they could be replaced by:
- More detail in the text
- The consistency mechanism
- Industry Codes of Conduct or
- by deleting the acts in its entirety
In any case, the alternatives should ensure that the Regulation keeps its technological neutrality and future proof nature, supplement but not amend the Regulation and ensure harmonization and legal certainty.
Bringing the US perspective, Willian Kennard, US Ambassador to the EU and former FCC Chairman, stressed the importance and urgency of the current EU reform to avoid uncertainty for the EU and US economies. He mentioned the stereotypes and misconceptions about the US legal system, “providing less protection that the EU” (eg.: Patriot Act). Kennard also mentioned the need for international interoperability which implies that different privacy frameworks can co-exist and referred as an example to the US/EU Safe Harbor Framework which facilitates interoperability between US and EU privacy systems. See Kennard’s full remarks here.
Telefónica believes that the ongoing reform is a unique opportunity to achieve the right balance between ensuring high standards of Data Protection and Privacy for European citizens while ensuring that innovation can flourish within a truly uniform single market.
A clear Data Protection framework will enable companies like Telefónica to innovate, therefore some adjustments to the current proposals are necessary and Telefónica has put forward its concrete suggestions on how this new framework should provide the required guarantees while being flexible enough for European companies to innovate.
We especially support the new territorial scope of the Proposals by which the same rules shall apply to all services offered to EU citizens regardless the geographical location of the service provider ("sale services, same rules") as well as the choice of the legal instrument (a Regulation) which will contribute to more harmonization.