Today’s European Data Privacy Day finds many European professionals in a limbo
state, while data protection agreements with the US have been suspended by a
European Court ruling. Customers as well as service providers that used to deal
with US based platforms have seen their services become “ilegal”. About the
“safe harbour” agreement, about data protection standards and its perils our
readers have submitted a series of questions to European Commissioner for
Justice, Consumers and Gender Equality,
Vera Jourova.
Questions have been submitted by Paz Matin, Head of Data Protection at Spanish
firm Herrero & Asociados, Jaime Garrido, managing partner at Visualiza Legal,
María Álvarez Caro, Manager Asuntos Públicos y Relaciones Institucionales de
Adigital (Asociación Española de la Economía Digital) and Miguel Recio,
IP/Data Protection & Cloud Computing Lawyer at
Global Data Protection Consulting..
The so called “Safe Harbor” agreement is right now suspended, due to the TJUE
sentence C-362/14. What kind of solutions is the EU Comission working on in
order to offer a frame work to service providers that deal with international
data transfer? When will we count on a definite solution for this problem?
Following the annulment of Safe Harbour by the European Court of Justice in
October, the Commission has stepped up negotiations with the US on a renewed and
safe framework on transfers of personal data across the Atlantic. Intense
negotiations are still ongoing, but we need an arrangement that protects
fundamental rights of Europeans and ensures legal certainty for businesses and
that will live up to the requirements of the Court ruling.
Considering that Europe forms part of the OECD and the Council of Europe, do you
think it would be possible to achieve a comprehensive, robust and adaptable
standard (to prevent that it becomes obsolete quickly) on the protection of
personal data? What would be the best international forum for maximum adhesion
and guarantees as well as legal security for both consumers, holders of personal
data, and to those working with this kind of data?
Data Protection is a fundamental right enshrined in the EU Charter of
Fundamental Rights. Citizens therefore deserve robust rules under EU law. In
addition, the Commission works to promote data protection standards
internationally, including in the Council of Europe and OECD fora. The
Commission also supports work on privacy at UN level.
The EU announced the revision of Directive 2002/58 / EC e-Privacy, as amended by
Directive 2009/136 / EC, underlining that it would undertake such a review once
the European Data Protection Regulation was approved. In June 2015 the EU
published a study in which it favors the extension of the typy of cookies that
might be exempt of prior informed consent, which would include cookies for Web
analytics. Somehow the proper EU has admitted that the regulation has not
achieved its goals. As we got to know the final draft of the GDPR, what kind of
changes about cookies will be introduced in order to comply with the GDPR?
Special rules which apply to electronic communications services (e-Privacy
Directive),
including cookies, will need to be adapted to the new framework on the
protection of personal data. We will launch a public consultation on the review
at the end of March and come with a review by the end of the year.
There are quite different cultural attitudes between the US and Europe when
considering data privacy. Where are right now the main differences between US
policies and European demands.
Data protection is a fundamental right in the EU, whereas the US tends to see it
essentially as a consumer protection issue. Having said that, privacy is also
part of the US constitutional tradition and therefore there is common ground to
build on. We should continue to build bridges between our systems as
transatlantic exchanges are essential for our economic and law enforcement
relationships.
European countries, especially the UK and France, are pushing forward more
wide-ranging surveillance rules. Will this influence the requirements of data
protection within Europe and condition as well the agreement with the US?
Targeted surveillance can prove necessary in the fight against terrorism and
organized crime. However, it must be proportionate and requires strong oversight
arrangements and remedies for individuals. The jurisprudence of the European
Court of Justice and the European Court of Human Rights on these issues is
relevant both for the EU Member States and for data transfers to the US.
Data protection is becoming a mayor issue for consumers. But generally speaking
they have not learned about Big Data yet. Analysis of a vast amount of data,
many of them personal, will turn customers, social network users and online
shoppers into a transparent person, with little space for privacy. What will the
future bring for customer protection?
The Data protection reform recently agreed in the EU will strengthen user's
rights and control over their data. It will require "data controllers" to
provide more information to individuals on how their data will be used and for
what purposes. This will empower individuals to make better choices about what
type of data processing they agree to (if they consider it beneficial) and what
types of processing they may wish to object to.