EuroISPA High Level Statement on the Proposed General Data Protection Regulation
April 2, 2013
The changes in European data protection regulations, when adopted by the European process, must be directly implemented in member states. The regulations will impact providers of consumer electronic services which are delivered over the Internet and potentially, depending on detail of new requirements, the online experience of users of those services.
EuroISPA (of which ISPAI is a full Member) is strongly in favor of the review of the data protection framework. Our industry relies on an effective protection of personal data to build trust with users in our services. The protection of personal data is and will, in the future, increasingly be an important competition tool for businesses to compete with each other to gain consumers’ confidence by offering services that allow easier control and access to their personal data.
Below EuroISPA’s full statement:
EuroISPA High Level Statement on the General Data Protection Regulation
EuroISPA (of which ISPAI is a member) is strongly in favour of the review of the data protection framework.
Our industry relies on an effective protection of personal data to build trust with users in our services. The protection of personal data is and will, in the future, increasingly be an important competition tool for businesses to compete with each other to gain consumers’ confidence by offering services that allow easier control and access to their personal data.
We believe that any review should be geared to convertible, practical and flexible provisions that would add a real protection to the daily lives of consumers without stifling innovation.
Our members, big and small – medium European companies from various Member States, believe that some proposals in the Regulation, even if driven by laudable intentions, will ultimately lead to less protection of customers’ data and increased bureaucracy for everyone.
From our perspective, a too broad definition of personal data without a risk – based approach would cover even anonymised data, such as encrypted information, while not providing any exemptions. If all kinds of personal data are treated in the same way, including encrypted, pseudonymised, and otherwise protected data, the Regulation would miss an opportunity to provide a regulatory incentive and would result in less protection. Additionally, if every piece of information is considered personal data, users would continuously be presented with extensive consent requirements, impacting the customer experience without any added value for their protection.
EuroISPA fully supports the effort to ensure a fully harmonised and consistent framework, in particular when it comes to important definitions on main establishment, which will determine the responsible lead Data Protection Authority, and on the one – stop – shop mechanism, no room should be left to, interpretation which would inevitably jeopardise the application of the framework.
Finally, a proper implementation of the accountability principle should be guaranteed. Oliver Süme, Vice-President of EuroISPA stated, “The Regulation should focus on clear objectives and properly implement the “accountability principle” that was meant to be the corner – stone of the review. The accountability principle will guarantee that European businesses can meet the standards of protection fixed by the Regulation while choosing the most efficient way to also preserve innovation.”
We encourage European legislators not to miss the opportunity to create a future – proof revised framework. Without properly implementing these elements, the risk would exists to impede economic growth, jobs and innovation in Europe and also and to deprive consumers, who should ultimately benefit from the new framework, from an increased quality and choice of services and products.