Data Protection: Ecommerce Europe’s Top-10 Recommendations


Online merchants seek a more balanced regulatory framework that takes growth of and trust in (cross-border) e-commerce into full consideration. In advance to today’s vote on Data Protection, Ecommerce Europe – the association of e-tailers across Europe – has issued a new position paper presenting ten key recommendations to the European Parliament.

Ecommerce Europe calls on the Members of the European Parliament to adjust the current proposals in order to arrive at a more viable and balanced regulation that provides protection of data at reasonable costs. These ten adjustments are crucial for further growth of the e-commerce industry, representing 312 billion euro turnover in Europe (2012). Ecommerce Europe fully supports personal data protection, but this should go hand in hand with building on a safe and trustful single digital market and future flourishing of e-commerce as part of the overall EU economy.

Not all data should be considered as ´personal´

Personal data must be defined on the basis of a context- and risk based approach. Not all data are to be considered personal data. Current proposals demand ‘explicit consent’, which forms a huge hindrance to e-commerce and its future growth potential. Ecommerce Europe proposes to adjust this approach towards ‘unambiguous consent’. We strongly believe the option should remain open to have appropriate device settings, pre-ticked boxes and clearly communicated default options.

Web-shop profiling: good for business and consumers

Marketing through profiling should remain possible for web-shops, according to Ecommerce Europe. Profiling as such is not harmful for the data subject and is not an infringement of fundamental citizens’ rights. For commercial and non-profit organisations, profiling is a crucial marketing tool. It can be beneficial for consumers as well. Ecommerce Europe therefore proposes to narrow the scope of the current proposal on profiling and to limit it to negative or adverse effects on privacy.

Right to Data Portability and Right to be Forgotten are redundant

Ecommerce Europe questions the usefulness of the ‘right to data portability’ for the e-commerce sector as it will lead to additional costs for businesses and does not serve the fundamental citizens’ rights of data subjects. We recommend that this article is replaced by the right to obtain data and we propose that it is limited to social networks in particular. The definition of the ‘right to be forgotten’ is redundant and should be omitted from the new Regulation, states Ecommerce Europe.

The “Top 10” listing Ecommerce Europe’s recommendations for a more balanced Data Protection Regulation and related position on e-commerce in Europe can be downloaded here.

Download the Position Paper; Data Protection Processing and Free Movement of Data Recommendations for a Data Protection Regulation.