Ecommerce Europe is currently defining its final position on the Data Protection regulation which has been issued in January by the European Commission. The General Data Protection Regulation envisions the reinforcement of individuals’ rights and to strengthen the functioning of the internal market on the internet.
Ecommerce Europe defined its policy regarding the Data Protection Regulation in its first Working Committee meeting in May, and is currently finishing a specialized position paper on the Data Protection Regulation. According to Ecommerce Europe, decision makers should focus on limiting administrative burdens, particularly for SMEs.
The proposed regulation should minimize the costs of compliance, since these costs will have the most impact on the companies affected. Furthermore, one single overarching EU data protection authority would be desirable.
The position paper states that ‘the right to be forgotten’ is very difficult to implement technically and should be kept out of the regulation. Article 6 of the General Data Protection regulation – which lays down the need for one consent from the data subject in order to process data – is vital. The right balance between data protection and innovative entrepreneurship must be struck.
Ecommerce Europe fears that Article 20 – which refers to the right of individuals not to be subject to an automated decision to process data – will create unacceptable uncertainty for web merchants. Ecommerce Europe emphasises the importance of profiling and states that this is a fundamental component of trade relations because controllers use personal data and ‘cookies’ for behavioural targeting and profiling.