The legislation agreed in mid-December by Parliament and Council negotiators marks a crucial step forward in getting away with a calamitous patchwork of national laws on data protection. However, it contains a number of inconsistencies that could negatively affect Europe’s digital ambitions.
It took nearly 4 years of bitter negotiations for the EU to strike an agreement on a sweeping overhaul of its data protection rules. But it was worth it. The legislation agreed in mid-December by Parliament and Council negotiators marks a crucial step forward in getting away with Europe’s calamitous patchwork of national laws on data protection.
The previous EU rules dated back to 1995 and their varying interpretations by Member States have contributed to create significant regulatory uncertainty while hindering innovation in critical sectors of the economy.
However, the new General Data Protection Regulation (GDPR) is far from perfect. It still presents multiple critical aspects. For instance, it fails to create a level playing field for telecom operators.
Following its introduction, the electronic communications sector will be forced to abide by a twofold regulation, complying with both the new data protection legislation and the ePrivacy Directive.
If Europe is serious about supporting growth and innovation in its digital markets, this asymmetry should be addressed as soon as possible. Otherwise it will place yet another burden on a sector which has been hit hard in recent years by a slow economic recovery while being under pressure to invest more in digital networks in order to meet the EU broadband targets.
As many know, the on-going Internet evolution has been providing breeding grounds for several new telecom-like services (including OTT services) to grow.
The point is that, unlike traditional telecom providers, such services are not necessarily bound by the terms of the ePrivacy Directive, although they are functionally equivalent to one another.
As a consequence, different rules applying to equivalent services inevitably create unfair competition between telecom operators as well as legal uncertainty and general confusion among consumers.
In order for consumers to benefit from a consistent regulation, regardless of the service provider in question, a prompt revision of the ePrivacy Directive is thus required.
But the negative implications of the new regulation on data protection could be larger, stretching far beyond the telecoms sector.
DigitalEurope, the main association representing the digital technology industry in Europe, believes that the legislation fails to strike the proper balance between protecting citizens’ fundamental rights to privacy and the ability for businesses in Europe to become more competitive.
The text agreed upon between the European Commission, European Parliament and the Council of Ministers contains a number of stringent obligations that could be very costly for IT businesses, undermining their ability to invest, innovate and create jobs.
European businesses, traditionally less equipped to meet these obligations, could be hit hard. And, of course, this is in stark contrast with Europe’s ambitions to create a generation of home-grown global leaders in the tech sector.
Another matter of concern is the so-called is the compromise reached on the so-called “one-stop-shop”, according to which tech companies operating in different countries will deal with only one data-protection authority, namely where their European headquarter is based.
As Member states managed to weaken this principle, as recently reported by Reuters, some obervers believe that this will create more legal confusion and litiges (for instance, to determine what is the concerned national authority). Again: the bill for the companies could be very expensive.
Following the political agreement reached in trilogue, the final text of the data protection regulation will be formally adopted by the European Parliament and Council in a few weeks. Maybe there is still room to fix its inconsistencies.