ETNO supports the choice of the legal instrument for the future Data Protection framework
Why is it important to have a Regulation?
ETNO welcomes the EU’s repeated commitment to maintaining Europe’s high standards in the protection of personal data while at the same time ensuring better harmonisation throughout the EU. Both of these aims are necessary to fully achieve the Internal Market.
Harmonisation can only be reached via a Regulation. Such a tool will contribute to achieving a level playing field within Europe with regards to data protection and to creating a consistent experience for European consumers. Therefore, ETNO fully supports the choice of a Regulation as the relevant legal instrument for the reform.
The main objective of the review should be to achieve the right balance between protecting the fundamental right to privacy and ensuring that innovation can flourish within a truly uniform single market.
Discrepancies generated by the implementation of the Data Protection Directive of 1995 are a good illustration of drawbacks that should be avoided. It is critical from the outset that we do not have a legal instrument that can be interpreted in different ways by Member States when being transposed into national law. A non-consistent application of privacy rules across Member States (as has been the case until now) is burdensome and not only for businesses that are providing equivalent services across different Member States (since they are required to maintain different compliance regimes which results in increased costs). More importantly, it is also negative for European citizens and consumers.
Therefore, the new legal framework must not leave any room for ambiguity. In order to improve privacy levels and support a consistent privacy experience for data subjects while reducing administrative burdens and cross-border restrictions, a Regulation should be maintained instead of a Directive.
A fully harmonised approach will facilitate the free movement of personal data and will also foster the necessary consumer trust and confidence to strengthen economic growth. The ongoing review is a unique opportunity to develop sound data protection rules which are technologically neutral, future-proof and flexible enough to allow for the development of new services in Europe.
To fully ensure the same level of protection, it is furthermore necessary to apply the same rules to all services offered to European consumers. As a consequence, ETNO very much welcomes the territorial scope of the proposed GDPR, recently endorsed by national Ministers.
Excluding the public sector from the scope of application of the Directive would not be justifiable, especially when the public sector competes with the private sector in the provision of certain services (eg: healthcare). A distinction between public and private sectors would distort the necessary level playing field between all actors and would be in contradiction with the objective of achieving a real Internal Market for Big Data and Cloud.
The public sector already is, and ETNO expects even more so the case in the future, a key player in the adoption and take up of Big Data and Cloud Computing services in the digital market. Maintaining aligned privacy rules for the public and private sectors would be:
- Beneficial for customers who would not have to cope with the complexity of a double regime;
- Beneficial for the ICT industry which could develop, produce and maintain services based on coherent privacy rules across both markets.
ETNO encourages the Council to explicitly endorse a Regulation as the adequate legal instrument for EU data protection rules in the XXI Century.