Members of the European Parliament (MEPs) have recently given an update on the proposed General Data Protection Regulation (GDPR) during a joint meeting of the Internal Market & Consumer Protection and Civil Liberties & Home Affairs Committees. During the debate, MEPs reviewed the considerable progress achieved so far, but also outlined the remaining points of contention, and some of them are of great importance for the e-commerce sector.
Still seeking for an agreement on consent to data processing
MEP Albrecht – Parliamentary Rapporteur for the GDPR – highlighted that the European negotiators are still discussing what form an explicit consent to data processing should take and how it can be given by the data subject. Consumers’ consent is a key element for the e-commerce sector, and Ecommerce Europe believes that a risk-based consent rule, depending on the specific circumstances of the personal data collection, is the most suitable approach. Therefore, Ecommerce Europe urges European legislators not to impose the requirement of explicit consent as this would have a negative effect on the sector, and supports the notion of “unambiguous” consent for processing the non-sensitive data of consumers.
Possible higher fines for data protection violations
The fine system under the GDPR has been proving to be a contentious point. Companies operating in the EU might be fined up to 4% of their annual global turnover for violating data protection rules, according to the statement of two EU negotiators. However, the percentage may still change in the final negotiations. Ecommerce Europe asks EU legislators for a lower and more proportionate rate, as high sanctions would be detrimental for potential investment.
Full harmonization and an up-to-date Regulation?
Although optimistic about the current stage of developments, Shadow Rapporteur MEP Voss suggested that the contents of the Regulation are not as up to date as they could be and that there is still some way to go before a full harmonization of data protection legislation across the EU. The MEP also emphasized the need for a risk-based approach to data processing, with bureaucratic procedures only being used where they are really necessary, and Ecommerce Europe totally agrees with MEP Voss on this point. The new GDPR should effectively protect the consumer but without additional administrative burdens for online merchants.
European legislators all agreed that a final agreement on the GDPR is a top priority and according to MEP Albrecht this is very likely to happen by the end of the year. In this case, the new Regulation should be implemented by the beginning of 2018, leaving therefore two years to companies in order to adapt to the new legislation.
For a detailed overview of Ecommerce Europe’s recommendations on Data Protection and Privacy, please click here to read the recently updated position paper.