EU Data Protection Watchdog proposes extra version of the Data Protection Regulation


The European Data Protection Supervisor – which is an independent supervisory authority devoted to protecting personal data and privacy – has recently taken the initiative of proposing its own version of the new Data Protection Regulation (DPR) text, next to the three versions currently negotiated in informal trialogues by the European Commission, the European Parliament and the Council of the EU.

An innovative step from the EDPS

The recommendations proposed by the EDPS have been drafted on the basis of the three texts under negotiations by the EU institutions. Nevertheless, the Supervisor has taken the innovative step of encouraging its own solution. “For the first time in a generation the EU has an opportunity to modernize, harmonize and simplify the rules on how personal information is handled. These rules must be relevant for the next generation of technologies. As part of my remit to be proactive and constructive, my recommendations aim to support the co-legislators to get a better deal (…)”, the Supervisor Giovanni Buttarelli declared. The EDPS has also launched an app that compares its suggestions to the three proposals.

Fines for non-compliance and collection of personal data: hot topics

The EDPS draft touches different hot topics. For instance, the EDPS version supports the European Parliament’s proposal for the maximum fines for non-compliance of 5% of a company’s annual sales, while the Council proposed a maximum fine of 2% of the annual turnover.

The Supervisor also pointed out that the collection of data for purposes other than the ones consumers first agreed to should not be allowed, while the text from the Council proposes that data can be processed for other purposes, if the data controller has a legitimate interest of doing so.

Ecommerce Europe’s recommendations

Ecommerce Europe fully supports the harmonization of the EU Data Protection legislation. However, the new Regulation should be implemented without causing unreasonable costs and/or administrative burdens for online merchants, and especially for the smaller ones.

For instance, the new rules should recognize the economic potential of recent technical developments in information collection and analysis, such as profiling and data driven marketing, which stimulate business innovation and provide opportunities for merchants to optimize personalization and further tailor their businesses to new consumer demands.

Ecommerce Europe advocates for a more balanced approach in the text, as the regulation should protect the individual without hampering the development of the e-commerce sector.

Next steps

The informal trialogues of the EU institution will continue after the summer break. The Luxembourg Presidency of the Council hopes to have an informal agreement with the other institution in October 2015. If the legislative process can be completed by end 2015 – beginning 2016, the Regulation could come into force in 2018. Ecommerce Europe will follow the process and stay closely in contact with policy makers in order to ensure that the interest of the e-commerce sector are taken into account.

To learn more about Ecommerce Europe’s recommendations for a balanced Data Protection Regulation, please read our last press release and the Ecommerce Europe Priority Paper 2015.