March 20, 2015
By Silvia Romano
Those watching the Data Protection Regulation (DPR) can breathe a sigh of relief now that EU Ministers have reached an agreement on a number of critical provisions of the proposal. However, more work remains to be done to achieve a robust and clear legislative framework which can effectively address the challenges presented by new technologies.
As customer data is a key driver for competitiveness, it is essential that Europe get this right, and that EU decision makers strike a balance between the protection of individuals’ personal data and the needs of European businesses.
Now more than ever, the Data Protection Regulation represents an opportunity for EU decision makers to position Europe as an exporter of Internet services, rather than an importer of American industries.
Recent compromise texts indicate that the arguments presented by European industry have been largely dismissed. While EU legislators are focused on a defensive approach towards American tech giants, the competitiveness of European Internet industries – smaller and weaker compared to their American counterparts – has been disregarded.
A defensive approach was also taken in the case of the Safe Harbour Agreement, the existing framework for transfers of European commercial data to the US. Instead of considering a constructive way of addressing the EU’s concerns, European decision makers were mainly focused on penalising American companies, disregarding the dramatic impact that the suspension of the agreement could have on European companies.
For the proposed Data Protection Regulation, the devil will be in the details decided during trialogue negotiations, and it is not too late for Europe to seize the opportunity to allow European industries to become leaders in the Internet sector.
The “One-Stop-Shop” mechanism – a tool meant to reduce European companies’ administrative burdens by establishing the principle of one authority and one decision to comply with – has been substantially distorted in the text adopted by Member States on 13 March that establishes a “One-Stop-Shop” on a case-by-case basis. This both contradicts the spirit of the Commission’s proposal and adds unnecessary bureaucracy preventing EU industries from achieving any potential benefit from the new rule compared to existing legislation.
The new Regulation was also expected to provide practical legal bases that protect internet users’ rights, avoid ‘consent fatigue’ and ensure legal certainty for companies- but these provisions have not yet been included.
The additional costs created by administrative burdens, legal uncertainty and fatigue for Internet users will have a very little impact on American tech giants. They can develop products and services on their home market in a much less regulated way, and then deploy these in Europe at their leisure. European innovators will not have that luxury and will be pushed out to Silicon Valley and China.
We believe that if the voice of European companies is ignored, the EU risks introducing legislation that will affect them negatively and disproportionately. European industries have raised their voice during the whole process and remain open to provide constructive views to discussions. This defensive approach is lose/lose for Internet industries as a whole, at the ultimate expense of European companies – in many cases SMEs and start-ups.
Fingers-crossed that during the upcoming inter-institutional negotiations EU legislators will succeed in striking a careful balance which allows for the establishment of a robust and future-proof regulatory framework to protect users’ rights without creating unnecessary burdens for industries.
Silvia Romano is a Senior Consultant for the Brussels’ office of Grayling, a public affairs consultancy. An Italian national, she works on a variety of public affairs advocacy campaigns in the fields of Digital Policy and International Trade.