The General Data Protection Regulation: State of play


In a press conference ahead of winter recess Member of the European Parliament Jan Philipp Albrecht, Rapporteur for the General Data Protection Regulation (GDPR), stated that the Coreper (the Committee of Permanent Representatives in the EU, made up of the head or deputy head of mission from the Member States in Brussels) confirmed the final compromise texts on the Regulation on 17 December 2015.

The EU Institutions’ perspective

All participants in the press conference from the European Parliament, the Council and the Commission agreed on the fact that the EU negotiators have reached a historic agreement on the data protection package. “We have met the European Council’s target of reaching an agreement by end of 2015. The GDPR will boost the Digital Single Market and the fundamental rights in the face of rapid technological change. More than 90% of EU citizens want the same data protection rights right across the EU.We have agreement that will make this reality. (…) Businesses will benefit greatly, a single set of rules across Europe will boost legal certainty”, declared the European Commissioner for Justice, Ms. Věra Jourová.

Ecommerce Europe’s perspective: Pro and Cons of the GDPR

On one hand, Ecommerce Europe notices that some provisions of the adopted text will be definitely beneficial for the e-commerce sector in Europe – such as the risk-based approach – but at the same time other provisions could expose online merchants to excessive administrative burdens. Ecommerce Europe is particularly glad to see that policy makers finally agreed on the principle of “unambiguous consent” for the processing of personal data. The principle of “explicit consent” would have had caused excessive burdens to merchants when processing non-sensitive personal data, without giving any extra protection to consumers. The exemption for small and medium businesses to appoint a Data Protection Officer where data processing is not their core business activity is another positive achievement for the e-commerce sector.

On the other hand, other provisions could effectively destroy a business and this is the case for the provision on sanctions. Companies violating the Regulation will face fines of up to 4% of their total worldwide annual turnover of the preceding financial year. Ecommerce Europe would have preferred to see fines limited to 2% maximum, and the maximum fine only applicable in the case of very severe and harmful infringements, which is not the case.

Next steps

After a legal-linguistic review of the text of the Regulation, the GDPR will be submitted for adoption by the Council and, subsequently, by the Parliament. The GDPR is likely to enter into force in spring 2018. Ecommerce Europe will continue following the legislative process and will ensure that the voices of online merchants are heard.

For a detailed overview of Ecommerce Europe’s recommendations on data protection and privacy, please click here to read the full position paper.