The European Data Protection Supervisor ("EDPS")
issued an Opinion on "coherent enforcement
of fundamental rights in the age of big data". This is an
update to the EDPS' Preliminary Opinion in 2014 on "Privacy
and competitiveness in the age of big data". The Preliminary
Opinion observed a tendency for EU rules of data protection,
consumer protection, and antitrust enforcement and merger control
to be applied in "silos". The new Opinion develops the
notion and suggests that the Digital Single Market Strategy
provides an opportunity for a "coherent approach", and
makes recommendations to support this.
New data-driven technologies and services are important for
economic growth, which have become reliant on the "covert
tracking" of individuals who are likely unaware of the
tracking. There is the danger that larger companies may be able to
block smaller companies from entering the market. This might also
have the knock-on effect of creating an imbalance between the
providers and consumers which may ultimately impact on choice,
innovation and the protection of their personal data.
When considering the rights and freedoms set out in the Charter
of Fundamental Rights of the EU – including the right to
privacy, the protection of personal data and freedom of expression
– it has been recognised that these rights are
"threatened by normative behaviour and standards that now
prevail in cyberspace." So the latest Opinion encourages
regulators to engage in dialogue and share lessons learned to work
collaboratively and uphold the interests of individuals and society
in the ever-growing digital environment.
The three key recommendations
1. "Better reflect the interests of the individual in big
The EDPS recognised that, historically, EU merger control rules
have focused on companies which meet certain turnover thresholds.
The EDPS supports greater scrutiny of proposed acquisitions of less
established digital companies, that may have collected large
quantities of personal data which have not yet been monetised. This
measure highlights the importance of personal data in digital
sector mergers; so much so, it has been recommended that the rules
should be interpreted, and at some point amended, to protect the
rights to privacy, data protection and freedom of expression.
2. "A digital enforcement clearing house"
The Digital Clearing House ("DCH") would provide a
platform for enforcement of EU rights in the digital sector,
allowing regulators to come together and discuss matters of common
interest, such as:
The most appropriate legal regime for pursuing particular cases
Regulatory solutions for certain markets where personal data is
a key input
Assessing the impact on an individual's rights and the
possibility of sanctions and available remedies
Identifying synergies and fostering cooperation between
enforcement bodies and their mutual understanding
3. "An EU values-based common area on the web"
The EDPS proposes an online "common area" where
individuals can interact without being tracked, and which respects
their privacy rights. The benefits would be that it is free of
charge and provides appropriate safeguards.
In the rise of Big Data technologies, this Opinion is a timely
reminder that these opportunities require protections to be put in
place so that an individual's fundamental rights remain
significant in this new digital age.
Will we see any change? In fact, we already have. On 29
September 2016, the EDPS and the European consumer organisation,
the BEUC, hosted a conference to discuss the future of freedom of
expression and privacy online and, specifically, the Opinion
findings. So this shows that regulators and experts are already
coming together to discuss these changes.
It is also promising to see that the recommendations are taking
effect, with the EDPS announcing the launch of a DCH; input on
where improvements could be made to the DCH has also been
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
As we enter 2017, 2018 doesn't seem that far away…and with the new GDPR due to come into effect from 25 May 2018, organisations are running out of time to ensure compliance with the new data protection requirements.
A recent High Court decision, TLT and others v Secretary of State for the Home Office  EWHC 2217 (QB) ("TLT v SoS"), paves the way for the greater recognition of distress in cases of data breaches and the misuse of private information.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).