Data Protection: at what cost to Europe?



On the occasion of the Data Protection Day on 28th January, a high level event was co-organised by the European Commission and the Council of Europe. A relevant guest was, however, missing: the Commissioner for Fundamental Rights, Viviane Reding. At that moment, she was participating at the World Economic Forum in Davos to address global economic decision makers.


Her message in Davos around “Justice for Growth” stressed that “Data Protection will ensure economic growth”. Is this a new line of arguments for the Commission with a view to the forthcoming review of the Data Protection Directive?


Commissioner Reding and her staff seem to realise Data Protection and Innovation shall go hand and hand and modernised clearer and simpler rules on Data Protection will help EU businesses competing in the global arena. Finally, the economic dimension of Data Protection is raised within the ongoing debates, and, this time, not only by businesses.


However, we have still a long way ahead. The discussion about free and informed consent versus prior and explicit consent is far from decided yet. Rules governing users’ consent to the processing of their personal data still need to be  clarified. In parallel, guidance is needed with a view to the implementation of the e-Privacy Directive (add link to the Directive 2009/136/EC?) and of its article 5.3. on cookies (opt-in / opt-out system). Industry has stressed repeatedly that a prior consent is not feasible in the digital environment.


As an example we could mention the paper on "Privacy regulation and Online Advertising". Based on this paper, the impact of European e-privacy regulation on the performance of European on-line advertising businesses cannot be ignored. Considering the key role of Behavioural Online Advertising in the development of new business models, EU policy makers should think carefully which kind of Data Protection for Europe: one which will impede EU businesses to compete in the global market, leaving then room only for non-EU based companies which in turn do not comply with EU privacy standards? Is this the right way to protect EU citizens and give the idea of data protection some real meaning?