Ecommerce Europe has proposed alternative texts to some parts of the Data Protection Regulation proposal to the policy makers in the Council of the European Union. Ecommerce Europe has always been advocating for a balanced approach in the Data Protection Regulation, which should protect the individual without creating too many administrative burdens for the sector. That is why Ecommerce Europe believes that the text proposed after the Justice and Home Affairs Council’s agreement in December 2014 still has room for improvement.
Confusing definitions of “profile” and “profiling” (art. 4)
Ecommerce Europe believes that the definitions of “profile” and “profiling” (art. 4) make it unclear whether profiling restricted to the processing of non-personal data of the data subject falls under the scope of the Data Protection Regulation. Ecommerce Europe suggests erasing the unclear and unnecessary definition of “Profile” and restricting the definition of ‘Profiling’ to the automated processing of only personal data by skipping the link to “profile”.
No need of special provisions for profiling restricted to processing of normal personal data (art. 20)
On Lawfulness of profiling (art. 20), Ecommerce Europe seriously doubts the need of special provisions for profiling of normal personal data which has no legal effect concerning the data subject and does not cause harm to the data subject. As such profiling is not a special or specific form of processing personal and non-personal data, it does not need special or specific regulation and can be covered by the general provisions on the processing of personal data.
Unnecessary extra right to object processing of personal data (art. 19)
On the right to object processing of personal data based on the legitimate interests pursued by the controller (art. 19), Ecommerce Europe believes that the right for the data subject to object processing of his data on the fact that the legitimate interests pursued by the controller are overridden by his interests or rights and freedoms, is already adequately provided for in the right of erasure of article 17. In that view, Ecommerce Europe believes that there is no need for an extra right to object this processing.
Data portability should be restricted to social network services (art. 18)
Ecommerce Europe supports the restriction of the scope of the right to data portability to user generated content and to automated processing. On the other hand, Ecommerce Europe opposes a right to data portability that is not restricted to data processed in the course of social network services the data subject has entered into based on his consent.
Right for the data subject to obtain confirmation of processing of personal data and access it only on his request (art. 15)
In the opinion of Ecommerce Europe, the data subject should obtain confirmation of processing from the controller only on request of the data subject. The wording of article 15 is however not clear on whether the controller has to provide the mentioned confirmation regularly on his own initiative or only on request of the data subject. That is why Ecommerce Europe supports clarification of the provision by adding the wording “on his or her request”.
For a more exhaustive analysis of the previous amendments, and on the Right to be forgotten and to erasure (art. 17),download a copy of the document containing Ecommerce Europe proposed amendments for the Data Protection Regulation.