[IAG-WHOIS conflicts] Subject: EU Council reaches general approach on the new data protection rules

Wed Jun 17 06:22:31 UTC 2015

> 
> Good morning:
> 
> For your information, please find below the reports on the results of the EU Council's deliberations regarding the proposed data protection Regulation, communicated by the ISOC European Bureau.
> 
> Regards
> 
> CW
> 
> 
> 
> 
>> 
>>  
>> ·         European Commission RAPID - Stronger data protection rules for Europe
>> ·         Latvian Presidency of the Council of the EU - Data protection: Council agrees on a general approach
>> ·         European Parliament Press - Data protection: Parliament’s negotiators welcome Council negotiating brief
>> ·         Greens/EFA Group - Ministers' agreement paves way for negotiations with EP
>> ·         BEUC - EU Justice Ministers decide on consumers’ privacy laws
>> ·         DIGITALEUROPE - EU Data Protection Reform: DIGITALEUROPE welcomes Council General Approach
>>  
>>  
>> European Commission RAPID - Stronger data protection rules for Europe
>>  
>> Date published: June 15 2015
>>  
>>  
>> Stronger data protection rules for Europe
>>  
>> More than 90% of Europeans are concerned about mobile apps collecting their data without their consent. Today, an important step was taken to finalise EU data protection rules to help restore that confidence.
>>  
>> Ministers in the Council reached a General Approach on the new data protection rules, confirming the approach taken in the Commission's proposal back in 2012 (see IP/12/46). The proposed rules received the backing of the European Parliament in March 2014 (MEMO/14/186).
>>  
>> How do EU data protection rules contribute to boosting the Digital Single Market?
>>  
>> Completing the Digital Single Market is one of the top priorities of the European Commission. The internet and digital technologies are transforming our world. But existing barriers online mean citizens miss out on goods and services, internet companies and start-ups have their horizons limited, and businesses and governments cannot fully benefit from digital tools.
>> With a fully functioning Digital Single Market, we can create up to €415 billion in additional growth, hundreds of thousands of new jobs, and a vibrant knowledge-based society (see IP/15/4919).
>>  
>> But if citizens do not trust online services, they will not benefit from all the opportunities presented by technology. Confidence is paramount, but it is still far from a reality.
>>  
>> Data protection reform will address this lack of trust. It will strengthen citizen’s rights such as the right to be forgotten, the right to data portability and the right to be informed of personal data breaches. The reform gives national regulators enforcement powers to ensure that these new rules are properly applied. They will be able to impose fines of up to 2% of a company’s annual worldwide turnover.
>>  
>> What are the main benefits of the EU Data Protection Reform?
>>  
>> The European Commission's proposals for a comprehensive reform of the EU's 1995 Data Protection Directive aim to strengthen privacy rights and boost Europe's digital economy. The Commission’s proposals update and modernise the principles enshrined in the 1995 Directive, bringing them into the digital age and building on the high level of data protection which has been in place in Europe since 1995. A clear definition of personal data will be established in the regulation to ensure harmonised implementation of the rules across the EU. The legislation is technologically neutral: this means that it will not go out of date, enabling innovation to continue to thrive under the new rules.
>>  
>> What are the main benefits for citizens?
>>  
>> The data protection reform will strengthen citizens' rights and thereby help restore trust. Nine out of ten Europeans say they are concerned about mobile apps collecting their data without their consent; seven out of ten are concerned about the potential use that companies may make of the information disclosed.
>>  
>> The new rules will put citizens back in control of their data, notably through:
>> A right to be forgotten: When you no longer want your data to be processed, and provided that there are no legitimate grounds for retaining it, the data will be deleted. This is about empowering individuals, not about erasing past events or restricting freedom of the press (see section on right to be forgotten for more details).
>> Easier access to your own data: Individuals will have more information on how their data is processed and this information should be available in a clear and understandable way. Moreover, a right to data portability will make it easier for you to transfer your personal data between service providers.
>> The right to know when your data has been hacked: For example, companies and organisations must notify the national supervisory authority of serious data breaches as soon as possible (if feasible within 24 hours) so that users can take appropriate measures.
>> 
>> Data protection first, not an afterthought: ‘Data protection by design’ and ‘Data protection by default’ will also become essential principles in EU data protection rules – this means that data protection safeguards should be built into products and services from the earliest stage of development, and that privacy-friendly default settings should be the norm – for example on social networks or mobile apps.
>>  
>> What are the benefits for businesses?
>>  
>> Data is the currency of today's digital economy. Collected, analysed and moved across the globe, personal data has acquired enormous economic significance. According to some estimates, the value of European citizens' personal data has the potential to grow to nearly €1 trillion annually by 2020. Strengthening Europe’s high standards of data protection is a business opportunity.
>>  
>> The European Commission's data protection reform will help the digital single market realise this potential, notably through four main innovations:
>> One continent, one law: The Regulation will establish a single, pan-European law for data protection, replacing the current inconsistent patchwork of national laws. Companies will deal with one law, not 28. The benefits are estimated at €2.3 billion per year.
>> One-stop-shop: The Regulation will establish a 'one-stop-shop' for businesses: companies will only have to deal with one single supervisory authority, not 28, making it simpler and cheaper for companies to do business in the EU; and easier, swifter and more efficient for citizens to get their personal data protected.
>> The same rules for all companies – regardless of where they are established: Today European companies have to adhere to stricter standards than companies established outside the EU but also doing business on our Single Market. With the reform, companies based outside of Europe will have to apply the same rules. We are creating a level-playing field. Moreover rules for international transfers of data are streamlined, through simplified approval of binding corporate rules. This will foster international trade while ensuring continuity of protection for personal data.
>> European regulators will be equipped with strong enforcement powers: data protection authorities will be able to fine companies who do not comply with EU rules up to 2% of their global annual turnover. The European Parliament has even proposed to raise the possible sanctions to 5%.
>>  
>> What are the benefits for SMEs?
>>  
>> The data protection reform is geared towards stimulating economic growth by cutting costs and red tape for European business, especially for small and medium enterprises (SMEs). First, by having one rule instead of 28, the EU's data protection reform will help SMEs break into new markets. Second, the Commission has proposed to exempt SMEs from several provisions of the Data Protection Regulation – whereas today's 1995 Data Protection Directive applies to all European companies, regardless of their size. Under the new rules, SMEs will benefit from four reductions in red tape:
>> Data Protection Officers: SMEs are exempt from the obligation to appoint a data protection officer insofar as data processing is not their core business activity.
>> No more notifications: Notifications to supervisory authorities are a formality and red tape that represents a cost for business of €130 million every year. The reform will scrap these entirely.
>> Every penny counts: Where requests to access data are manifestly unfounded or excessive, SMEs will be able to charge a fee for providing access.
>> Impact Assessments: SMEs will have no obligation to carry out an impact assessment unless there is a specific risk.
>>  
>> The rules will also be flexible. The EU rules will adequately and correctly take into account risk. In a number of cases, the obligations of data controllers and processors are calibrated to the size of the business and to the nature of the data being processed.
>>  
>> What is the "consistency mechanism" proposed in the EU data protection reform?
>>  
>> Within a single market for data, identical rules on paper will not be enough. We have to ensure that the rules are interpreted and applied in the same way everywhere. That is why our reform introduces a consistency mechanism to streamline cooperation between the data protection authorities on issues with implications for all of Europe.
>>  
>> What is the one-stop shop and how does it work?
>>  
>> At present, a company processing data in the EU has to deal with 28 national laws and with even more national and local regulators.
>>  
>> For businesses
>>  
>> The regulation will create a regulatory “one-stop shop” for business: companies will only have to deal with one supervisory authority, not 28.
>>  
>> The flaws of the present system were illustrated in the Google Street View case. The actions of a single company affected individuals in several Member States in the same way. Yet they prompted uncoordinated and divergent responses from national data protection authorities.
>>  
>> The one-stop shop will ensure legal certainty for businesses operating throughout the EU and bring benefits for individuals and data protection authorities.
>>  
>> Businesses will profit from faster decisions, from one single interlocutor (eliminating multiple contact points), and from less red tape. They will benefit from consistency of decisions where the same processing activity takes place in several Member States.
>>  
>> For citizens
>>  
>> With the new rules, individuals will always be able to go to their local data protection authority. The aim is to improve the current system in which individuals living in one Member State have to lodge a complaint with a data protection authority of another Member State, where the company is based. At the moment, when a business is established in one Member State, only the Data Protection Authority of that Member State is competent, even if the business is processing data across Europe.
>>  
>> This makes it simpler for citizens – who will only have to deal with the data protection authority in their member state, in their own language. The proposal gives citizens the right to take a company processing their data to court in their home Member State. Everyone therefore have a right of administrative and judicial redress.
>>  
>> How will the regulation work in practice?
>>  
>> Example 1: a multinational company with several establishments in EU Member States has an online navigation and mapping system across Europe. This system collects images of all private and public buildings, and may also take pictures of individuals.
>>  
>> With the current rules:
>> The data protection safeguards upon data controllers vary substantially from one Member State to another. In one Member State, the deployment of this service led to a major public and political outcry, and some aspects of it were considered to be unlawful. The company then offered additional guarantees and safeguards to the individuals residing in that Member State after negotiation with the competent DPA, however the company refused to commit to offer the same additional guarantees to individuals in other Member States.
>> Currently, data controllers operating across borders need to spend time and money (for legal advice, and to prepare the required forms or documents) to comply with different, and sometimes contradictory, obligations.
>>  
>> With the new rules:
>> The new rules will establish a single, pan-European law for data protection, replacing the current inconsistent patchwork of national laws. Any company - regardless of whether it is established in the EU or not - will have to apply EU data protection law should they wish to offer their services in the EU.
>>  
>> Example 2: a small advertising company wants to expand its activities from France to Germany.
>>  
>> With the current rules:
>> Its data processing activities will be subject to a separate set of rules in Germany and the company will have to deal with a new regulator. The costs of obtaining legal advice and adjusting business models in order to enter this new market may be prohibitive. For example, some Member States charge notification fees for processing data.
>>  
>> With the new rules:
>> The new data protection rules will scrap all notification obligations and the costs associated with these. The aim of the data protection regulation is to remove obstacles to cross-border trade.
>>  
>> How does the Council confirm the Commission's approach?
>>  
>> The Council agrees upon many of the fundamental pillars of the Commission's proposal:
>>  
>> One continent, one law
>>  
>> The Council agrees that the new data protection law for the private and public sector should be a Regulation, and no longer a Directive. The Regulation will establish a single, pan-European law for data protection meaning that companies can simply deal with one law, not 28. The new rules will bring benefits of an estimated €2.3 billion per year.
>>  
>> Non-European companies will have to respect European data protection law if they operate on the European market
>>  
>> For a strong European digital industry to compete globally we need a level-playing field. Non-European companies, when offering services to European consumers, will have to apply the same rules and adhere to the same levels of protection of personal data. The reasoning is simple: if companies outside Europe want to take advantage of the European market and its more than 500 million potential customers, then they have to play by the European rules.
>>  
>> The Council confirmed this important principle.
>>  
>> Stronger rights for citizens, including the right to be forgotten
>>  
>> The new rules will give citizens stronger rights, ensuring that citizens can be in control of their own personal data. The right to be forgotten builds on already existing rules to better cope with data protection risks online – in particular, the right to erasure. Citizens should be in a position to protect the privacy of their data by choosing whether or not to provide it. It is therefore important to empower EU individuals, particularly teenagers, to be in control of their own identity online. If an individual no longer wants his or her personal data to be processed or stored by a data controller, and if there is no legitimate reason for keeping it, the data should be removed from their system.
>>  
>> The right to be forgotten is of course not an absolute right. There are cases where there is a legitimate reason to keep data in a database. The archives of a newspaper are a good example. It is clear that the right to be forgotten cannot amount to a right to re-write or erase history. Neither must the right to be forgotten take precedence over freedom of expression or freedom of the media. The legislation concerning the right to be forgotten includes an explicit provision that ensures it does not encroach on the freedom of expression and information.
>>  
>> The Council endorses the right to be forgotten.
>>  
>> A "One-stop shop" for businesses and citizens
>>  
>> The "one-stop shop" is about simplification:
>> - it makes it simpler for businesses established and operating in several Member States. They will only have to deal with a single national data protection authority, in the country where they have their main base: one interlocutor, not 28.
>> - it also makes it simpler for citizens who will only have to deal with the data protection authority in their member state, in their own language.
>>  
>> Effective sanctions
>>  
>> The Council agrees that national data protection authorities need to be able to impose effective sanctions in case of breach of the law. It has maintained the Commission's proposal that fines going up to €1 million, or, in case of a company, 2% of the annual worldwide turnover of that company can be applied.
>>  
>> For more information:
>> IP/15/5176
>>  
>>  
>> Source: http://europa.eu/rapid/press-release_MEMO-15-5170_en.htm
>>  
>>  
>> Latvian Presidency of the Council of the EU - Data protection: Council agrees on a general approach
>> On 15 June 2015, the Council reached a general approach on the general data protection regulation that establishes rules adapted to the digital era. The twin aims of this regulation are to enhance the level of personal data protection for individuals and to increase business opportunities in the Digital Single Market.
>> Latvia's minister for justice Dzintars Rasnačs said: "Today we have moved a great step closer to modernised and harmonised data protection framework for the European Union. I am very content that after more than 3 years of negotiations we have finally found a compromise on the text. The new data protection regulation, adapted to the needs of the digital age, will strengthen individual rights of our citizens and ensure a high standard of protection."
>> A general approach means that the Council has a political agreement on the basis of which it can now begin negotiations with the European Parliament with a view to reaching overall agreement on new EU data protection rules. A first trilogue with the Parliament is planned for 24 June 2015.
>> "I salute the readiness of the European Parliament to start the trilogue negotiations already next week. Hopefully we will come to the final agreement rapidly so that our citizens can enjoy the benefits of the reform as soon as possible", said Latvia's minister for justice Dzintars Rasnačs.
>> The incoming Luxembourg Presidency indicated that, in parallel to the negotiations on the regulation, works on the data protection directive in the law enforcement area would be accelerated with the aim to find a general approach in October.
>> Main elements of the agreement
>> An enhanced level of data protection
>> Personal data must be collected and processed lawfully under strict conditions and for a legitimate purpose. Data controllers (those responsible for the processing of data) must respect specific rules, such as the requirement for unambiguous consent by the data subject (the individual whose personal data is being processed), in order to be allowed to process personal data.
>> Strengthened data protection rights give data subjects more control over their personal data:
>> easier access to their data.
>> more detailed information about what happens to their personal data once they decide to share it: data controllers must be more transparent about how personal data is handled, for example by informing individuals about their privacy policy in clear and plain language.
>> a right to erasure of personal data and "to be forgotten", enabling anyone for example to require that a service provider remove, without delay, personal data collected when that individual was a child.
>> a right to portability enabling easier transmission of personal data from one service provider, for instance a social network, to another. This will also increase competition among service providers.
>> 
>> limits to the use of 'profiling', i.e. automated processing of personal data to assess personal aspects, such as performance at work, economic situation, health, personal preferences etc.
>> To ensure improved legal redress, data subjects will be able to have any decision of their data protection authority reviewed by their national court, irrespective of the member state in which the data controller is established.
>> Increased business opportunities in the Digital Single Market
>> A single set of rules, valid across the EU and applicable both to European and non European companies offering their on-line services in the EU will prevent conflicting national data protection rules from disrupting cross-border exchanges of data. Moreover, increased cooperation between the supervisory authorities in the member states will ensure coherent application of those rules throughout the EU. This will create fair competition and encourage companies, especially small and medium-sized enterprises, to get the most out of the Digital Single Market.
>> To reduce costs and provide legal certainty, in important transnational cases where several national supervisory authorities are involved, a single supervisory decision will be taken. This one-stop-shop mechanism will allow a company with subsidiaries in several member states to limit its contacts to the data protection authority in the member state where it is established.
>> In order to reduce compliance costs, data controllers can, on the basis of an assessment of the risk involved in their processing of personal data, define risk levels and put in place measures in line with those levels.
>> More and better tools to enforce compliance with the data protection rules
>> Increasing responsibility and accountability of data controllers will improve compliance with the new data protection rules. Data controllers must implement appropriate security measures and provide, without undue delay, notification of personal data breaches to the supervisory authority as well as to those significantly affected by the breach. Controllers and processors may designate data protection officers in their organisation. Moreover, Union or national law can require them to do so.
>> Data subjects, as well as, under certain conditions, data protection organisations can lodge a complaint with a supervisory authority or seek judicial remedy in cases where data protection rules are not respected. Furthermore, when such cases are confirmed, data controllers face fines of up to €1 million or 2% of their global annual turnover.
>> Guarantees regarding transfers of personal data outside the EU
>> The protection of transfers of personal data to third countries and international organisations is ensured through adequacy decisions. The Commission, with the involvement of member states and the European Parliament, is competent to decide whether the level of data protection offered by a third country or an international organization is adequate. In cases where no such decision has been taken, the transfer of personal data may only take place if the appropriate safeguards (standard data protection clauses, binding corporate rules, contractual clauses) are in place.
>> Source: https://eu2015.lv/news/media-releases/2225-data-protection-council-agrees-on-a-general-approach
>>  
>>  
>> European Parliament Press - Data protection: Parliament’s negotiators welcome Council negotiating brief
>>  
>> Parliament looks forward to starting talks with ministers soon on reform to give the EU high common standards of data protection fit for the digital era, said its key negotiators on Monday, welcoming the Council's announcement that it had approved its negotiating mandate. The first meeting between the institutions is scheduled for 24 June and will be followed by a joint press conference.
>>  
>> The European Parliament adopted its negotiating position in March 2014 and has since been waiting for Council to agree on its own mandate to open talks on the final text.
>>  
>> Reacting to the news of the ministers’ agreement, Parliament's lead MEP on the data protection regulation, Jan Philipp Albrecht (Greens, DE) said:
>>  
>> "After over a year of stalling, it is encouraging that we can finally push ahead with the EU data protection reform and that Parliament can begin negotiations with the Council.
>> The challenge is now to reconcile the two sides, to ensure that the reform provides reliable and high common standards of data protection, and reach an agreement on this before the end of the year.
>> There are clearly differences, notably on consumer rights and the duties of businesses. However, if we can negotiate constructively and pragmatically, it should be possible to deliver a compromise acceptable to both sides within the timeframe. This outcome would benefit everyone and show that the EU takes the concerns of its citizens in the digital age seriously."
>>  
>> Civil Liberties Committee Chair Claude Moraes (S&D, UK), who will be chairing the talks with Council and Commission, added:
>>  
>> "It has now been over one year since the Parliament has adopted its mandate for the negotiations on the Data Protection Regulation proving its commitment to improving the standards of data protection. Since then, we have continually called for the Council to adopt its own position ("General Approach") so that negotiations can begin to improve current legislation both for EU citizens and business. As it stands, EU legislation on data protection dates back to 1995, a time where internet access, smart phones or social media were not a part of daily life as they are today.
>> Despite the difficult negotiations involved, the Parliament, led by the Rapporteur Jan Albrecht, will work towards finding a swift agreement on the Data Protection Regulation by the end of 2015 which will set out a robust, modern, consistent and higher level of protection for the years to come. As Chair of the Civil Liberties, Justice and Home Affairs Committee I would also urge the Council to ensure that they find agreement on the Data Protection Directive for law enforcement by October 2015 as the Parliament’s position has always been clear that we treat both proposals as a package"
>> Read more about Parliament's priorities and negotiation mandate in this Q&A.
>> Next steps
>> The first three-way talks between Parliament, Council and Commission are to be held in the European Parliament on 24 June.. After the meeting, there will be a joint press conference by the three institutions at 14.00 (tbc).
>>  
>> Background for editors
>>  
>> The data protection regulation is part of a package which also includes a directive. The two legislative proposals were presented by the European Commission in January 2012.
>>  
>> Parliament’s negotiating brief was approved by its Civil Liberties Committee in October 2013, and endorsed by Parliament as a whole in March 2014.
>>  
>> Since then, Parliament has been waiting for member states to agree "general approach" among themselves in order to begin the final talks.
>>  
>> MEPs have many times called on the Council to move forward on the package, stressing the need to update EU data protection rules without further delay, so as to give citizens the standards of data protection needed in the digital era.
>>  
>> MEPs have also stressed the need to set a uniform standard of data protection in all EU legislation, but especially the European Police Office (EUROPOL) regulation, currently under negotiation, and an EU Passenger Name Record scheme.
>>  
>> Member states also need to agree a general approach on the directive.
>>  
>>  
>> Greens/EFA Group - Ministers' agreement paves way for negotiations with EP
>>  
>> EU justice and home affairs ministers today adopted a common position on the draft EU legislation on data protection at their Council meeting. Following the decision, it was decided that legislative negotiations with the European Parliament will begin on 24 June (1). Commenting on the situation, Green MEP Jan Philipp Albrecht, the European Parliament's draftsman/rapporteur on the data protection regulation, said: 
>>  
>> "After over a year of stalling, it is encouraging that we can finally push ahead with the EU data protection reform and that the parliament can begin negotiations with the Council. The challenge is now to reconcile the two different sides to ensure the reform provides reliable and high common standards of data protection, and reach an agreement on this before the end of the year. There are clearly differences, notably as regards the rights afforded to consumers and duties to be fulfilled by businesses. However, if we can engage in constructive and pragmatic negotiations, it should be possible to reach a compromise acceptable to both sides in that timeframe. This would be a result for all sides and show that the EU is taking the concerns of its citizens in the digital age seriously."
>>  
>> (1)    The negotiations between the European Parliament, Council and Commission (trilogue) will begin on 24 June with a first meeting at 12.30 (for around 1 ½ hours). Directly afterwards, there will be a press conference with EP draftsperson Jan Philipp Albrecht, EU commissioner Vera Jourova and the current and coming EU presidencies on the roadmap for the negotiations. A separate invitation will be sent for this.
>>  
>> Source: http://www.greens-efa.eu/eu-data-protection-rules-14167.html
>>  
>>  
>> BEUC - EU Justice Ministers decide on consumers’ privacy laws
>>  
>>  
>> Questions of how consumers’ personal data is gathered, used, monetised, if and how it is protected have become crucial in ‘big data’ driven economies. 
>>  
>> The EU is currently overhauling its 1995 legal framework with a General Data Protection Regulation which will apply to all companies (including online) targeting users in Europe. The Council of Justice Ministers agreed its general approach to this Regulation, Monday June 15.
>>  
>> Key measures at stake include:
>>  
>> ·         Closing loopholes – Businesses’ “legitimate grounds” for retaining information must not become the legal means to bypass fundamental data protection principles such as “purpose limitation” and “data minimisation” when processing consumers’ information.
>> ·         Profiling – MEPs and consumers’ called for a right not to be subject to profiling i.e. when personal data is gathered, processed and cross-referenced to create a detailed image of an individual. Profiling of children must be expressly prohibited.
>> ·         Ensuring access to redress – With large scale data protection law breaches, it must be made possible for victims to collectively claim redress and act on their rights. BEUC and the European Parliament agree this is a key remedy.
>> ·         Scope of protection – The legal meaning of “personal data” must not be narrowed. It must include any information allowing identification of a subject e.g. location data or IP address.
>>  
>> Monique Goyens, Director General of The European Consumer Organisation said:
>>                                                                                                    
>> “The EU is, and should continue to be, a world leader of privacy and data protection standards. But the need to modernise is urgent. EU laws are now lagging behind the pace of technologies and business practices. Our personal data is collected, then used and transferred in ways which most consumers are oblivious to. An appropriate update must put control of personal data back in the hands of European consumers.
>>  
>> “This new regulation is the opportunity to close gaps, ensure robust standards and stipulate that EU laws apply to all businesses operating here. It’s a source of concern that in some important instances the Council has deviated from the original aims of the reform and the principles which should be guiding it. We must ensure business opportunities presented by ‘big data’ do not result in an erosion of consumer rights. Getting it right is vital for Europe’s Digital Single Market.
>>  
>> “70% of Europeans are concerned companies use their personal data for other purposes than for which it was collected, while 67% believe there is no alternative to disclosing personal information if they want to obtain products or services.
>>  
>> Companies must stop seeing consumers as commodities, but instead as citizens with legal rights whose trust needs earning. In Europe, the concept of privacy is not a trend nor should companies view it as an inconvenience better off ignored. It is a longstanding fundamental right, one which must be made fully applicable to the digital world.”
>>  
>>  
>>  
>> DIGITALEUROPE - EU Data Protection Reform: DIGITALEUROPE welcomes Council General Approach
>>  
>> DIGITALEUROPE welcomes today’s adoption of a General Approach on the General Data Protection Regulation by Justice and Home Affairs Ministers during their meeting in Luxembourg.
>> The text adopted by Ministers ends a protracted debate among Member States and opens the door for the start of the final trilogue negotiations with the European Parliament and European Commission. 
>>  
>> “We applaud the hard work of the Latvian Presidency and urge the incoming Luxembourg Presidency to continue the momentum as we move into a new challenging phase of negotiations with the Parliament,” said John Higgins, Director General of DIGITALEUROPE.
>>  
>> Many important issues must be addressed during the upcoming trilogue discussions. DIGITALEUROPE continues to emphasise the need for the adoption of a coherent and consistent text that will create a set of single, harmonised and modern data protection rules for Europe’s data economy.
>>  
>> Questions still remain on numerous topics including the implementation of a functioning one-stop-shop, the clear allocation of roles and responsibilities between data controllers and data processors, the introduction of a true ‘risk-based approach’, and a balanced view on profiling.
>>  
>> “DIGITALEUROPE encourages all institutions to work together to adopt a regulation that is future proof, flexible and harmonised across the 28 member states of the EU,” he added.
>>  
>> Europe needs a data protection regulation that allows it to embrace the data-driven innovations that are helping transform the economy, while at the same time granting enough protection to personal data to ensure that citizens trust the technologies.
>>  
>> The trilogues will be of immense importance as this file can either act as an obstacle to the digital economy, if it fails to create legal certainty, or a catalyst for Europe’s data economy, if it does provide that legal certainty.
>>  
>> “As we move closer to the trilogue discussion the regulation could go either way,” Mr Higgins said.
>>  
>> Source: http://www.digitaleurope.org/DesktopModules/Bring2mind/DMX/Download.aspx?Command=Core_Download&EntryId=979&PortalId=0&TabId=353
>>  
>>  
>>  
>>  
>> 
>> 
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/whois-iag-volunteers/attachments/20150617/eae2717d/attachment-0001.html>