EU Data Protection Regulation update

On
the 15th December 2015 the EU Parliament and Commission
finally agreed the text of the European Commission EU Data Protection Reform
which as originally proposed in 2012. 

In brief, under the reform, consumers gain
by being able to better control their personal data by having a clear
understanding of how their data is used; have the right to be forgotten when
they no longer wish to allow use of their data; and have the right to know if their data has
been unlawfully accessed (hacked). Consumers will also benefit from the right
to transfer their personal data between service providers where appropriate.

For businesses, the regulation will
establish a single set of rules to enable businesses a simpler, lower cost
structure for doing business across borders within the EU. There will be a
single supervisory authority to deal with, which will reduce costs and red tape
SMEs will not be obliged to appoint
their own data protection officer unless data processing is their core business
activity. Nor will SMEs have any obligation to carry out impact assessments.
Companies based outside the EU will have to comply with the same rules as EU
based businesses when conducting business within the EU, creating a more level playing field. Privacy friendly techniques such as pseudonymisation
will be encouraged so that businesses can leverage the benefits of big data
innovation while protecting individual privacy. 

Further ….. on consent which is of particular concern to marketers

One of the  better than anticipated outcomes is that the draft text refers to unambiguous consent rather than explicit consent – meaning that consent for mail and telephone marketing may still rely on the consumer choosing to opt out rather than depending on the consumer to opt in.  

Businesses will need to provide much clearer, simply worded and highly visible information about opting out so that individuals are able to exercise their right to opt out.  However individuals will have no right to opt out of profiling if they have explicitly consented to it – but can opt out of profiling which supports automated decision making,  if it has a legal effect or causes a significant effect. 

The Civil Liberties Committee of the EU Parliament approved the Regulation on 17th December 2015. It will now be put to a vote by all EU Parliament members and the EU Council of Ministers in 2016. 

Share

Twitter Facebook LinkedIn WhatsApp

Categories

Related News

Half of UK consumers back a return to VAT-free shopping for tourists

Reconomy launches ReDress to help textile producers meet expanding international EPR regs

Dr Martens opens case against Temu

CMA secures changes on green claims from Asda, Boohoo, ASOS

CMA launches investigation into supermarket loyalty schemes

Lush Cosmetics

Silverwood Brands backs down in Lush share dispute

Online pharmacy merger prompts CMA investigation

Ofcom launches consultation into Royal Mail’s universal postal service obligations

Sign up to receive our newsletter