In conjunction with Data Protection Day/Data Privacy Day, ICC has published comments on the European Union’s (EU) proposed General Data Protection Regulation issues relevant to future discussions to protect privacy, while allowing cross-border information to flow freely over the Internet. While ICC supports the goals of the regulation, it warns that its lack of clarity on certain requirements, together with the excessive burdens it would place on companies, would chill innovation and weaken the EU’s ability to attract investment. ICC is particularly concerned about the proposal’s effect on small- and medium-sized companies.
Christopher Kuner, who Co-Chairs the ICC Commission on the Digital Economy’s task force on privacy and personal data protection said: “The protection of fundamental rights and the promotion of innovation and economic progress, which have been the defining goals of European Union data protection and privacy efforts for the last two decades, are also the goals of the proposed regulation. However, ICC believes that changes need to be made to the proposed regulation to better promote these two goals.”
Drafted by the ICC Commission on the Digital Economy’s task force on privacy and personal data protection, the ICC comments include recommendations for clarifying the proposed regulation that could protect individuals’ data without encumbering businesses working with, or in, the EU.
ICC’s recommendations are based on in-depth discussions with ICC members from more than 120 companies of varying sizes around the world and with ICC national committees in over 90 countries worldwide. They focus on three points of particular concern to global business:
- The need for improved methods to allow for international data transfers;
- The reduction of unnecessary administrative burdens;
- Increasing harmonization to create a predictable set of rules and expectations.
Co-Chair of the ICC task force on privacy and personal data protection, David Hoffman, said: “Enabling cross-border data flows is essential to further economic growth in today’s information society. While promoting fundamental rights, the regulation should also eliminate unnecessary administrative burdens, such as removing bureaucratic hurdles to information flows.”
Citing cloud computing and big data as examples, ICC says the EU General Data Protection Regulation must allow data to cross international borders, as new business models and services – and economic opportunities – are based on global data flows. ICC believes that data flows can be structured so as to protect fundamental rights and the interests of individuals.
The paper concludes: “This Regulation creates a unique opportunity to promote economic development across the European Union while furthering shared goals of protecting privacy. Predictability in how organizations will process personal data can drive trust and confidence in participation in the digital economy. However, the revised draft does not fully take advantage of the opportunity for clarity. Instead, it runs the risk of creating greater uncertainty, which could decrease investment in the EU and weaken competitiveness. We urge the European Commission, the European Council and the European Parliament again to look specifically at language that provides more clarity for decreasing the burdens on international data transfers, reducing counter-productive administrative burdens, and promoting harmonization.”
Today’s comments are the latest step in ICC’s long-term contribution to data protection regulation, both in the EU and worldwide.
For more information on the commission’s work visit the ICC Commission on the Digital Economy
To learn more about EU data protection visit the ICC Task Force on Privacy and Personal Data Protection