Firms uneasy as EU data protection talks begin

Talks in Brussels designed to finalise new EU data protection rules kicked-off yesterday, just as opposition from enterprise to the incoming framework appears to be more tangible.

Meeting for the last stage of negotiations on the rules - the General Data Protection Regulation – was the European Parliament, the European Council and the European Commission.

Designed to settle issues such as consumer rights and the duties of businesses, the three-way talks are being held so the GDPR can be agreed and put in place before the end of this year.

Speaking before the meeting, the Institute of Directors signalled that those duties were too onerous, and hoped the aim of the talks was to “restore a workable balance to the proposals.”  

Pointing to the GDPR text agreed earlier this month by EU ministers, the IoD said it would “saddle businesses with a host of new liabilities,” make it difficult to do business and introduce “punitive fines.”

On behalf of 34,000 company directors, the institute also warns that the framework – designed to update data rules from 1995 – should not be used as an excuse to provide IT jobs.

“[The EU] Parliament must compromise and understand that the EU’s role is not to generate jobs in compliance, but help to foster a dynamic and entrepreneurial economy,” it said.

“A modern approach to data protection regulation is essential, but the current proposals are just another burden on businesses which threaten much-needed foreign investment”.

It is the obligations that GDPR puts on data ‘controllers’ and ‘processors’ - which may include IT contractors handling data for a client (a controller) - that concerns enterprise.

Controllers are equally alarmed at the ‘breach notification requirement’ and penalties for serious non-compliance of up to €100,000,000 (or 5% of annual worldwide turnover).

But GDPR’s supporters counter that it will give one single set of data protection rules for all businesses to follow (even those from outside the EU), not 28.

“It will also do away with unnecessary formalities such as notification procedures, reduce costs and apply modern concepts such as privacy by design,” said EU Justice Commissioner Věra Jourová, speaking after yesterday’s meeting.

She added: “It will ensure a high level of protection for citizens. It will equip them to exercise their fundamental rights in the digital world. This will increase their trust in the digital economy.”

But consumers are uneasy too. In fact, 67% of people surveyed by the Directorate General for Communication said they were concerned about not having complete control over the information they provide online.

Published this month, the findings of the survey add that a majority of people are concerned about the recording of their activities via payment cards and via mobile phones.

However after the so-called trilogue meeting, Commissioner Jourová cited some findings of her own – 89% of people want to have the same rights and protections over their personal data, regardless of the country in which the data controller is located.

Continuing to refer to a new poll by Eurobarometer, she said that seven out of ten people were concerned about their information being used for a different purpose from the one it was collected for.

“These findings clearly show that the data protection reform is as urgent today as it was three years ago when the commission first presented the proposal,” Jourová said.

“Internet use has increased further, and so has people's awareness as well as concern about the challenges to privacy. Trust is key, and it translates into euros and cents. We need to rebuild it, in order for our digital single market to succeed.”

As to how the meeting fared, the commissioner expects that more will be heard on explicit consent and incompatible further processing, but she reassured that “on the fundamentals,” the parliament, council and commission “see eye to eye.”

Jourová added: “I am confident that we can now deliver our new data protection rules to the European Union by the end of this year.”

Editor’s Note: Related Reading –

Surge in banks’ data breaches bodes well for IT contractors

What the EU’s Google ruling means for IT contractors

EU data directive ‘outdated’