The European Data Protection Supervisor ("EDPS")
issued an Opinion on "coherent enforcement
of fundamental rights in the age of big data". This is an
update to the EDPS' Preliminary Opinion in 2014 on "Privacy
and competitiveness in the age of big data". The Preliminary
Opinion observed a tendency for EU rules of data protection,
consumer protection, and antitrust enforcement and merger control
to be applied in "silos". The new Opinion develops the
notion and suggests that the Digital Single Market Strategy
provides an opportunity for a "coherent approach", and
makes recommendations to support this.
New data-driven technologies and services are important for
economic growth, which have become reliant on the "covert
tracking" of individuals who are likely unaware of the
tracking. There is the danger that larger companies may be able to
block smaller companies from entering the market. This might also
have the knock-on effect of creating an imbalance between the
providers and consumers which may ultimately impact on choice,
innovation and the protection of their personal data.
When considering the rights and freedoms set out in the Charter
of Fundamental Rights of the EU – including the right to
privacy, the protection of personal data and freedom of expression
– it has been recognised that these rights are
"threatened by normative behaviour and standards that now
prevail in cyberspace." So the latest Opinion encourages
regulators to engage in dialogue and share lessons learned to work
collaboratively and uphold the interests of individuals and society
in the ever-growing digital environment.
The three key recommendations
1. "Better reflect the interests of the individual in big
The EDPS recognised that, historically, EU merger control rules
have focused on companies which meet certain turnover thresholds.
The EDPS supports greater scrutiny of proposed acquisitions of less
established digital companies, that may have collected large
quantities of personal data which have not yet been monetised. This
measure highlights the importance of personal data in digital
sector mergers; so much so, it has been recommended that the rules
should be interpreted, and at some point amended, to protect the
rights to privacy, data protection and freedom of expression.
2. "A digital enforcement clearing house"
The Digital Clearing House ("DCH") would provide a
platform for enforcement of EU rights in the digital sector,
allowing regulators to come together and discuss matters of common
interest, such as:
The most appropriate legal regime for pursuing particular cases
Regulatory solutions for certain markets where personal data is
a key input
Assessing the impact on an individual's rights and the
possibility of sanctions and available remedies
Identifying synergies and fostering cooperation between
enforcement bodies and their mutual understanding
3. "An EU values-based common area on the web"
The EDPS proposes an online "common area" where
individuals can interact without being tracked, and which respects
their privacy rights. The benefits would be that it is free of
charge and provides appropriate safeguards.
In the rise of Big Data technologies, this Opinion is a timely
reminder that these opportunities require protections to be put in
place so that an individual's fundamental rights remain
significant in this new digital age.
Will we see any change? In fact, we already have. On 29
September 2016, the EDPS and the European consumer organisation,
the BEUC, hosted a conference to discuss the future of freedom of
expression and privacy online and, specifically, the Opinion
findings. So this shows that regulators and experts are already
coming together to discuss these changes.
It is also promising to see that the recommendations are taking
effect, with the EDPS announcing the launch of a DCH; input on
where improvements could be made to the DCH has also been
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
In light of the much anticipated ICO draft GDPR (the General Data Protection Regulation) Consent Guidance being published yesterday, 2 March 2017, we will be running a mini-series on the guidelines under consultation and the impact the GDPR will have on the much vexed position of consent and the impact on your business.
The first of our four discussions on the ICO guidelines for Consent will focus on the meaning of consent under the GDPR (General Data Protection Regulation) and how this change enhances the previous law on consent to data processing.
The fourth and final part of our mini-series on the draft ICO guidance on Consent, published on 2 March 2017, focuses on the practical impact the GDPR (General Data Protection Regulation) will have on how your organisation records and manages consent.
A fundamental aspect of all fair and lawful processing of personal data under the current data protection rules is the requirement for the party who is the data controller to meet one or more conditions ("the conditions for processing").
The second in our mini-series on the ICO guidance on Consent, published on 2 March 2017, focuses on how the changes to be introduced by the GDPR (General Data Protection Regulation) will impact upon your business and what you can do to pre-empt the changes before their introduction in May 2018.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).