Editorial Director: Giusella Finocchiaro
Web Content Manager: Giulia Giapponesi

posted by admin on December 15, 2017

Privacy


The European Parliament has endorsed the opening of negotiations between the Parliament itself and the Council concerning the procedure for adopting the proposal for the Regulation on Privacy and Electronic Communications.

The current directive on e-Privacy was last reviewed in 2009. The proposal for review, which was submitted on 10th January 2017, replaces this directive with a Regulation which complements and particularises the European framework on data protection, bringing it into line with the General Data Protection Regulation (“GDPR”), which will apply from 25th May 2018.

The Regulation on Privacy and Electronic Communications submitted by the Commission will increase the protection of people’s private life and open up new opportunities for business. The measures presented aim at revising current rules, extending the scope to all communication service providers. The rules on privacy will now also apply to new operators who provide electronic communication services, such as WhatsApp, Facebook Messenger, Skype, Gmail, iMessage and Viber. The current e-Privacy Directive, which now only applies to traditional communication service providers, will be updated.

The objective is to increase trust in and the security of the Digital Single Market, striking the right balance between a high level of protection for consumers and the opportunity for businesses to innovate. In addition, the proposal provides that personal data processing carried out by European institutions and bodies will ensure the same level of protection as that guaranteed by single Member States, as laid down in the General Data Protection Regulation (GDPR), and it defines a strategic approach to questions regarding the cross-border transfer of personal data.

 

 

posted by admin on November 15, 2017

Accountability, Privacy


The following is an analysis of a proposal for a regulation “for a framework on the free flow of non-personal data in the European Union”.

The objective of the regulation is the liberalisation of data flows. It is worth noting that this liberalisation suffers from two intrinsic limitations in the proposal: on the one hand it only refers to non-personal data, which, for clear reasons of consistency, are defined as “data other than those defined in art. 4, Regulation EU 2016/679”; and on the other hand it solely pertains to the movement of data within the European Union borders, whereas it in no way affects the exchange of data outside the Union.

The Commission identifies two main obstacles to businesses and public administrations having full freedom to choose the location where they store and manage their data.

The first obstacle is represented by the unjustified restrictions on data localisation imposed by public authorities in Member States. Over the years, the reasons which have moved Member States to impose the mandatory local storage of their data on national businesses and public administrations have included maintaining higher levels of security and facilitating easier monitoring by national authorities. For example, this includes the storage measures for financial statements and accounting data provided for in Germany, Denmark, Belgium and other northern European countries, which require that data be filed within national borders. In the same way, in countries such as Bulgaria, Poland and Romania, data localisation requirements are imposed on winnings and user transactions. In Bulgaria, for example, an applicant for a gaming license must ensure that all data related to operations in Bulgaria is retained on a server located within the country. In addition, even when no specific territorial restriction is in place, business practice and common sense have in any case led in the direction of favouring localised data storage, turning down the chance of alternative cross-border offers.

The second obstacle to data liberalisation derives from private market limitations, which prevent data portability across IT systems by means of so-called vendor lock-in (aka proprietary lock-in or customer lock-in) practices. This widespread business phenomenon (e.g. Microsoft, Apple, Google, Nvidia, even hotels!) has its origin in providers wanting to create a condition of artificial dependence, which makes customers virtually totally dependent on them for the goods or services they provide. Customers are put in such a position that they cannot purchase goods or services from a competitor without incurring both the substantial costs and the cumbersome and inconvenient organisational difficulties involved in switching to a new provider. Providers implement this sort of “forced loyalty” both by adopting technologies or standards that differ from those used by competitors and by including contractual conditions which are particularly penalising in case of a switch.

Thus, in order to curb the spread of such practices and arrangements, with this proposal the Commission wants to tackle the problems through four lines of action.

Firstly, the proposal introduces a general principle of free circulation of data among Member States which allows businesses free choice of where to process or store their data. Legally provided restrictions will have to be carefully scrutinised and will only be legitimate in cases when public and/or national security are at stake.

Secondly, with the intention of reassuring national legislators, the proposal guarantees that the competent authorities (of each Member State) will have access to data stored or processed in another Member State on the same conditions of access guaranteed nationally.

Thirdly, the proposal encourages the elaboration of self-regulatory codes of conduct which would smooth portability conditions and therefore, for example, switches of cloud service providers. The aim is also to build a sort of “right to data portability” for non-personal data, in the same way as that provided for by the privacy Regulation for personal data. The need is to make sure that customers’ freedom of choice is in place not only at the start of a contractual relationship, but that it is maintained and made technically possible for the entire duration of the relationship.

Lastly, the proposal establishes a central point of contact for each Member State, in order to guarantee the successful application of the new rules on the free flow of non-personal data.

In conclusion, there is no doubt that the regulation proposal is aimed first and foremost at businesses and public administrations, with significantly lower impact on individual citizens. However, if it is seen in the light of and in coordination with the European data framework, the proposal takes on much more general relevance. In fact, thanks to this new formulation, a number of the principles contained in the privacy Regulation, such as those regarding free data circulation and data portability, would be strengthened as a result of an extension of their scope of application.

 

 
