The new Data Protection Regulation proposal developed by the EU will be applicable to European and foreign organisations and to those that, although not based in Spain, commercialise products and services targeted at European citizens.
The goal of this Regulation is the harmonisation of the Data Protection Regulations of the EU Member states and the non-member countries who want to commercialise their products and services within the EU.
The European companies will have to introduce and set corporate governance rules oriented to data protection risk management and legal compliance. Terms such as ‘accountability’, ‘privacy by design’ and ‘privacy by default’ will have an impact on the business processes that will have to be remodelled to comply with the European regulation.
Major changes, including the new position of the Data Protection Officer, the need to make consultations to the Data Protection Authorities, privacy-oriented certifications, security breach notifications, the right to be forgotten, data portability and others regarding the scope of sanction proceedings, will have a deep influence on the way companies organise themselves. It will therefore imply the need to carry out adaptation and corporate awareness tasks. Countries like Spain, Germany or France, where there is a widespread data protection culture, will be more prepared to adapt to this regulation.
On January 25th, 2012 the Regulation Proposal was published by the European Commission, and is currently under review by the European Parliament and the Council. This process could extend until 2014-2015. During this process, several contributions have been made to the regulation. MEP Jan Phillip Albercht drafted a report containing 350 amendments to the EC proposal in order to tighten the measures proposed. Article 29 Data Protection Working Party made some relevant amendments to favour the strengthening of the data protection regulation.
American tech companies, like Amazon or Ebay, and the American Chamber of Commerce have been proposing amendments that are being supported by lobbies. The controversy has arisen because the Europe versus Facebook group has claimed that the wording of the amendments propose by some MEPs has been copied, in some cases “word-for-word” from lobby reports.
Recently, North American representatives have stated that the European proposal is a form of European colonialism or trade war, because any non-European companies must comply in order to process European citizen’s data for the commercialisation of their products and services.
Despite the reactions the reform, of the Regulation moves forward as the European Commission Vice-President stated on March 7th at the Second Cloud Computing Annual Conference: “We want to open new growth opportunities that Europe needs, and at the same time, we want to make data protection an effective right for everybody … And I hope I can count on your support, too. To deliver what business wants. To deliver what citizens want. And to bring European data protection rules into the digital age.”
The battle of the Lobbies has just started. The end of this process will be verified which party has introduced their amendments in order to soften or strengthen the measures proposed regarding the right to be forgotten, the express consent or those allowing the consolidation of the personal data protection as a European citizen fundamental right.
Fernando Ramos is Intellectual Property and IT Director at Lener. He can be contacted at firstname.lastname@example.org