The European Commission has adopted two sets of standard contractual clauses, one for use between controllers and processors and one for the transfer of personal data to third countries. They reflect new requirements under the General Data Protection Regulation (GDPR) and take into account the Schrems II judgement of the Court of Justice, ensuring a high level of data protection for citizens. These new tools will offer more legal predictability to European businesses and help, in particular, SMEs to ensure compliance with requirements for safe data transfers, while allowing data to move freely across borders, without legal barriers.
Values and Transparency Vice President Vera Jourová said: “In Europe, we want to remain open and allow data to flow, provided that the protection flows with it. The modernised Standard Contractual Clauses will help to achieve this objective: they offer businesses a useful tool to ensure they comply with data protection laws, both for their activities within the EU and for international transfers. This is a needed solution in the interconnected digital world where transferring data takes a click or two.”
Justice Commissioner Didier Reynders said: “In our modern digital world, it is important that data can be shared with the necessary protection - inside and outside the EU. With these reinforced clauses, we are giving more safety and legal certainty to companies for data transfers. After the Schrems II ruling, it was our duty and priority to come up with user-friendly tools, which companies can fully rely on. This package will significantly help companies to comply with the GDPR.”
More information is available here.
Espionage and data theft, the European struggle
As the ongoing conflict concerning data protection reaches new highs, Europe is still struggling to finding appropriate solutions to protect itself and its citizen from the theft, use and abuse of private data.
Dutch data protection authority fines Booking.com €475,000
Dutch Data Protection Authority (AP) has imposed a fine of €475,000 on Booking.com for a data breach where criminals accessed the personal data of more than 4,000 customers, including obtaining the credit card details of nearly 300 users of the popular travel site.
The criminals extracted login details to the accounts from employees of 40 hotels in the United Arab Emirates.
"Booking.com customers ran the risk of being robbed here," said Monique Verdier, Vice President of the Dutch data protection agency. "Even if the criminals did not steal credit card information but only someone's name, contact details and information about his or her hotel booking. The scammers used that data for phishing."
"By pretending to belong to the hotel by phone or email, they tried to take money from people. That can be very credible if such a scammer knows exactly when you booked which room. And asks if you want to pay for those nights. The damage can then be considerable, "said Verdier.
Booking.com was notified of the data breach on 13 January, but didn't report it within the mandatory three day period after discovering a breach. Instead, they waited a further 22 days.
"This is a serious violation," said Verdier. "Unfortunately, a data breach can happen anywhere, even if you have taken good precautions. But to prevent damage to your customers and the repetition of such a data breach, you must report this in time. Speed is very important."
European strategy for data: What MEPs want
Find out how MEPs want to shape the EU's rules for non-personal data sharing to boost innovation and the economy while protecting privacy.
Data is at the heart of the EU's digital transformation that is influencing all aspects of society and the economy. It is necessary for the development of artificial intelligence, which is one of the EU's priorities, and presents significant opportunities for innovation, recovery after the Covid-19 crisis and growth, for example in health and green technologies.
Read more about big data opportunities and challenges.
Responding to the European Commission's European Strategy for Data, Parliament's industry, research and energy committee called for legislation focussed on people based on European values of privacy and transparency that will enable Europeans and EU-based companies to benefit from the potential of industrial and public data in a report adopted on 24 February 2021.
The benefits of an EU data economy
MEPs said that the crisis has shown the need for efficient data legislation that will support research and innovation. Large quantities of quality data, notably non-personal - industrial, public, and commercial - already exist in the EU and their full potential is yet to be explored. In the coming years, much more data will be generated. MEPs expect data legislation to help tap into this potential and make data available to European companies, including small and medium-sized enterprises, and researchers.
Enabling data flow between sectors and countries will help European businesses of all sizes to innovate and thrive in Europe and beyond and help establish the EU as a leader in the data economy.
The Commission projects that the data economy in the EU could grow from €301 billion in 2018 to €829 billion in 2025, with the number of data professionals rising from 5.7 to 10.9 million.
Europe's global competitors, such as the US and China, are innovating quickly and applying their ways of data access and use. To become a leader in the data economy, the EU should find a European way to unleash potential and set standards.
Rules to protect privacy, transparency and fundamental rights
MEPs said rules should be based on privacy, transparency and respect for fundamental rights. The frree sharing of data must be limited to non-personal data or irreversibly anonymised data. Individuals must be in full control of their data and be protected by EU data protection rules, notably the General Data Protection Regulation (GDPR).
The committee called on the Commission and EU countries to work with other countries on global standards to promote EU values and principles and ensure the Union’s market remains competitive.
European data spaces and big data infrastructure
Calling for the free flow of data to be the guiding principle, MEPs urged the Commission and EU countries to create sectoral data spaces that will enable the sharing of data while following common guidelines, legal requirements and protocols. In light of the pandemic, MEPs said that special attention should be given to the Common European Health Data Space.
As the success of the data strategy depends largely on information and communication technology infrastructure, MEPs called for accelerating technological developments in the EU, such as cybersecurity technology, optical fibres, 5G and 6G, and welcomed proposals to advance Europe's role in supercomputing and quantum computing. They warned that the digital divide between regions should be tackled to ensure equal possibilities, especially in light of the post-Covid recovery.
Environmental footprint of big data
While data has the potential to support green technologies and the EU's goal to become climate neutral by 2050, the digital sector is responsible for more than 2% of global greenhouse gas emissions. As it grows, it must focus on lowering its carbon footprint and reducing E-waste, MEPs said.
EU data sharing legislation
The Commission presented a European strategy for data in February 2020. The strategy and the White paper on artificial intelligence are the first pillars of the Commission's digital strategy.
Read more about artificial intelligence opportunities and what the Parliament wants.
The industry, research and energy committee expects the report will be taken into account in the new Data Act that the Commission will present in the second half of 2021.
Parliament is also working on a report on the Data Governance Act that the Commission presented in December 2020 as part of the strategy for data. It aims to increase data availability and strengthen trust in data sharing and in intermediaries.
Parliament is set to vote on the committee report during a plenary session in March.
A European strategy for data
Data Governance Act: European data governance
Bulgaria2 days ago
The caretaker government in Bulgaria attacks public service television in an attempt to silence the opposition
Ukraine5 days ago
Biden against corruption? Why the stolen money in Ukraine may never return
COVID-193 days ago
Mainstream media risks becoming a threat to public health
EU3 days ago
Parliament votes to take Commission to court over inaction on breaches of the rule of law
UK2 days ago
Biden has a Brexit warning for Britain: Don't imperil Northern Irish peace
Brexit4 days ago
Brexit Adjustment Reserve: MEPs want swift disbursement of €5 billion fund
Health4 days ago
Interview with Eric Bossan, Head of Europe Viatris
coronavirus3 days ago
EU Digital COVID Certificate: It’s now up to EU countries