Connect with us

Data protection

European Commission Online Platform Recommendations reflect welcome consensus on key issues

SHARE:

Published

on

We use your sign-up to provide content in ways you've consented to and to improve our understanding of you. You can unsubscribe at any time.

Digital Single MarketToday (26 May) the European Commission adopted a number of legislative and non-legislative initiatives as part of the Digital Single Market strategy.

In response to the European Commission’s policy position on online platforms, the Center for Data Innovation, a think tank studying data and public policy, released the following statement from Director Daniel Castro: "The Commission correctly recognizes that online platforms underpin today’s digital economy. How successfully European businesses and startups can leverage these online platforms will be inextricably linked to whether the EU can establish fair, efficient, and harmonized rules across its member states.

"The Commission endorsed important principles such as ensuring a level playing field, safe guarding a fair and innovation-friendly business environment, and encouraging coordinated EU-wide self-regulatory efforts by online platforms. Notably, the Commission agreed that achieving a level playing field does not necessarily require increasing regulations, but instead, simplifying, modernizing, and lightening existing regulations.

Advertisement

"In addition, the Commission recognized the value of keeping markets open and non-discriminatory to foster a data-driven economy and supporting the free flow of data. In particular, the Commission endorsed its commitment to ensuring open platforms are developed for key emerging technologies, such as smart cities and the Internet of Things, and using public funds to support the development of these platforms.   However, there were some concerning ideas proposed by the Commission. For example, the Commission leveled an unfair critique on the widespread practice of allowing consumers to use private-sector online authentication systems and suggested that online service providers should have to accept credentials issued by the government. While the public sector should continue to develop secure tools to allow consumers to legally identify or authenticate themselves online, this should not come at the expense of private sector innovation.

"Overall, it is encouraging to see an emerging consensus on the need to modernize the EU’s regulatory environment to allow digital innovation to flourish and unlock the potential of the data economy. Hopefully, this forward-looking vision will help guide European policymakers’ efforts as they review other important policies including the e-Privacy Directive, and shape the EU’s implementation of the General Data Protection Regulation to lessen some of the more burdensome requirements.

The Center for Data Innovation is the leading global think tank studying the intersection of data, technology, and public policy. With staff in Washington, DC, and Brussels, the Center formulates and promotes pragmatic public policies designed to maximize the benefits of data-driven innovation in the public and private sectors. It educates policymakers and the public about the opportunities and challenges associated with data, as well as technology trends such as predictive analytics, open data, cloud computing, and the Internet of Things. The Center is a nonprofit, nonpartisan research institute proudly affiliated with the Information Technology and Innovation Foundation. For more about the Center, visit datainnovation.org.

Advertisement

Data

Greater protection, innovation and growth in the UK’s data sector as announced by the UK's Digital Secretary

Published

on

The Information Commissioner’s Office (ICO) is set for an overhaul to drive greater innovation and growth in the UK’s data sector and better protect the public from major data threats, under planned reforms announced by the Digital Secretary Oliver Dowden

Bridget Treacy, partner (UK privacy and cybersecurity practice), Hunton Andrews Kurth, said: “The UK government has signalled an ambitious vision for reforming the UK’s data protection laws, simplifying the current regime, reducing red tape for business and encouraging data-led innovation. After careful analysis, the government believes it can significantly improve the UK’s data privacy regime and how it works in practice, while retaining high standards of protection for individuals. Far from attempting to replace the current regime, this looks like an attempt to fine tune it, making it better able to serve the needs of all stakeholders and a better fit for the digital age. 

“Taking a fresh look at international data flows is long overdue, and here it will be interesting to see how creative the UK government is prepared to be. Global data flows are an inevitable part of global commerce and the Covid-19 pandemic highlighted the need for global collaboration in research and innovation. The UK government wants to enable trusted and responsible data flows, without reducing protection for individuals, and without needless red tape. A more agile, flexible, risk-based and outcomes-driven approach for determining adequacy may improve data protection overall. But here the government will need to take particular care, assuming it wishes to retain the UK’s adequacy status in the EU.

Advertisement

“It appears that even the Information Commissioner’s Office will be the subject of reform, with proposals to modernize the governance structure of the data protection regulator, set clear objectives and to ensure greater transparency and accountability. The ICO is a highly respected data protection regulator, offering much admired global leadership on difficult issues. Care will be needed to ensure the ICO’s much vaunted and highly valued independence are not compromised by the proposed reforms.

“Overall, this looks like a thoughtful attempt to improve the UK’s existing data protection regime, not through radical change, but by building on and fine tuning the existing framework to make it a better fit for our digital age. Organizations should welcome the opportunity to contribute to this consultation.”

Bojana Bellamy, president of Hunton Andrews Kurth’s Centre for Information Policy Leadership (CIPL), a pre-eminent global information policy think tank located in Washington, DC, London and Brussels said: “The UK government vision is a positive development and is much needed to address the opportunities and challenges of our digital age. The plans should be welcomed in both the U.K. and in the EU. This is not about lowering the level of data protection or getting rid of GDPR, it is about making the law actually work in practice, more effectively and in a way that creates benefits for all – organisations using data, individuals, regulators and the UK society and economy. Laws and regulatory practices need to evolve and be agile just like the technologies they are trying to regulate. Countries that create the flexible and innovative regulatory regimes will be better placed to respond to the Fourth Industrial Revolution we are witnessing today.

Advertisement

“There is no doubt that some aspects of the GDPR do not work well, and some areas are unhelpfully obscure. For example, the rules for data use in scientific and industrial research and innovation are cumbersome to locate and analyse, hindering use and sharing of data for these beneficial purposes; it is difficult to use personal data for training AI algorithms to avoid bias; individuals’ consent to data processing has been rendered meaningless through over-use; and international data flows have become mired in red tape.

“The UK government’s bold vision to simplify the current data protection regime, reduce red tape, put more onus on organisations to manage and use data responsibly, and to reinforce the pivotal role of the UK privacy regulator is the right way forward. It achieves both effective protection for individuals and their data and enables data driven innovation, growth and societal benefits. Other governments and countries should follow the UK lead.

“It is high time to revamp the rules for international data flows and the UK Government is absolutely right to focus on enabling trusted and responsible data flows. Businesses in all sectors will welcome a more seamless regime for data transfers and adequacy decisions in respect of more countries. Corporate data privacy officers divert too much resource to addressing the legal technicalities of data flows from the EU, especially in the aftermath of the EU Schrems II judgement. Consumers and businesses would be better served by organisations focusing on privacy by design, risk impact assessments and building comprehensive privacy management programmes fit for the new digital economy. 

“It is encouraging that the government recognizes the UK Information Commissioner’s Office as a key digital regulator in the UK, with a critical remit of protecting both individuals’ information rights and enabling responsible data driven innovation and growth in the UK. The ICO has been a progressive regulator and influencer in the global regulatory community. The ICO must be given the resources and tools to be strategic, innovative, engaging early on with organisations using data and encouraging and rewarding best practices and accountability.”

Continue Reading

Data

New rules on open data and reuse of public sector information start to apply

Published

on

17 July marked the deadline for member states to transpose the revised Directive on open data and reuse of public sector information into national law. The updated rules will stimulate the development of innovative solutions such as mobility apps, increase transparency by opening the access to publicly funded research data, and support new technologies, including artificial intelligence. A Europe fit for the Digital Age Executive Vice President Margrethe Vestage said: “With our Data Strategy, we are defining a European approach to unlock the benefits of data. The new directive is key to make the vast and valuable pool of resources produced by public bodies available for reuse. Resources that have already been paid by the taxpayer. So the society and the economy can benefit from more transparency in the public sector and innovative products.”

Internal market Commissioner Thierry Breton said: “These rules on open data and reuse of public sector information will enable us to overcome the barriers that prevent the full re-use of public sector data, in particular for SMEs. The total direct economic value of these data is expected to quadruple from €52 billion in 2018 for the EU Member States and the UK to €194 billion in 2030. Increased business opportunities will benefit all EU citizens thanks to new services.”

The public sector produces, collects and disseminates data in many areas, for example geographical, legal, meteorological, political and educational data. The new rules, adopted in June 2019, ensure that more of this public sector information is easily available for re-use, thus generating value for the economy and society. They result from a review of the former Directive on the re-use of public sector information (PSI Directive). The new rules will bring the legislative framework up to date with recent advances in digital technologies and further stimulate digital innovation. More information is available online.  

Advertisement

Continue Reading

Brexit

EU grants UK data adequacy for a four-year period

Published

on

Today (28 June) the EU adopted two adequacy decisions for the United Kingdom just two days before a conditional interim regime agreed in the EU-UK Trade and Co-operation Agreement expired on 30 June 2021. The new adequacy agreements have immediate effect, writes Catherine Feore. 

The decision recognizes that the UK’s rules - which are, in effect, the EU’s - were satisfactory to meet the EU’s level of protection. The decisions are requirements under the General Data Protection Regulation (GDPR) and the Law Enforcement Directive allowing data to flow freely from the EU to the UK. 

British Prime Minister Boris Johnson asked leading Brexit supporters, including Iain Duncan Smith MP, to form a taskforce to “seize the new opportunities from leaving the EU”. One of the areas identified by the taskforce was GDPR, which it considers to be a barrier to innovation and growth. 

Advertisement

In its final report, the taskforce specifically identifies articles 5 and 22 of the GDPR as 

detrimental to business. Article 5 of GDPR requires data be “collected for specified, explicit and legitimate purposes” and “adequate, relevant and limited to what is necessary”. The taskforce believes that this limits the development of AI technologies. 

Article 22 of GDPR stipulates that individuals should “[not] be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her”, the UK side argues that including human review, might result in decisions that are wrong, not explainable or biased and say that automated decision-making should not be based solely on explicit consent, but could be used where there was a legitimate or public interest in play.

Advertisement

Values and Transparency Vice President Věra Jourová said: “The UK has left the EU but today its legal regime of protecting personal data is as it was. Because of this, we are adopting these adequacy decisions today.”  Jourová acknowledged the concern of Parliament over the possibility of UK divergence, but said there were significant safeguards.  

Justice Commissioner Didier Reynders said: “After months of careful assessments, today we can give EU citizens certainty that their personal data will be protected when it is transferred to the UK. This is an essential component of our new relationship with the UK. It is important for smooth trade and the effective fight against crime.”

For the first time, the adequacy decisions include a ‘sunset clause', which strictly limits their duration. This means that the decisions will automatically expire after four years. After that period, the adequacy findings might be renewed, however, only if the UK continues to ensure an adequate level of data protection.

The Commission has confirmed that during these four years, it will continue to monitor the legal situation in the UK and could intervene at any point, if the UK deviates from the level of protection currently in place. 

Julian David, CEO of TechUK, a trade body for the UK digital sector, said: “Securing an EU-UK adequacy decision has been a top priority for techUK and the wider tech industry since the day after the 2016 referendum. The decision that the UK’s data protection regime offers an equivalent level of protection to the EU GDPR is a vote of confidence in the UK’s high data protection standards and is of vital importance to UK-EU trade as the free flow of data is essential to all business sectors.”

The UK is hoping that developments on this question can be developed through the G7 Digital and Technology sector co-ordination agreement.

Rafi Azim-Khan, Head of Data Privacy at international law firm Pillsbury, said: “You could probably power the UK's entire offshore wind fleet with the sigh of relief from UK businesses. The UK has now secured a data law adequacy finding from the EU. This is a very big deal for any businesses operating in the UK, as it avoids complications that could have interfered with data flows from the EU to the UK, in the same way transfers beyond the EU to the US, Far East and other countries are affected.

“It must be remembered that EU rules have been driving data-law changes across the world. The GDPR is often viewed as the gold standard of data-privacy laws and has had a major ripple effect such as influencing new laws, such as in Brazil and California. The EU is seemingly prepared to take a hard line over changes to the GDPR. It’s likely the UK will stay pretty much in lockstep with Europe, perhaps with some tinkering to help fit ‘Global Britain’ efforts.”

Continue Reading
Advertisement
Advertisement
Advertisement

Trending