The Industry Coalition for Data Protection argued last week that the European Commission's proposal for a data-protection regulation “threatens to unravel the digital ecosystem” and cited many attendant “risks” (“Digital ecosystem comes under threat”, 31 January-6 February).
The more immediate risk is that the Coalition's approach would leave EU consumers in a digital ‘dark room', without control of personal data – including their identity details, and data on daily activities, social life, political views, hobbies, financial data and health records – that are collected and processed by companies.
The right to protection of personal data should not be eroded simply because it has become easier or more profitable to do so in the digital environment. The Commission's proposal laudably clarifies the principles for processing personal data already within the 1995 directive.
The rights to information about personal data and to access, object to, correct and erase personal data are not new. Rather, the core issue is that in the digital environment companies often simply do not bother to comply with existing law.
Seventy percent of Europeans are concerned that their data is being used for a purpose other than that for which it was collected. So, appropriately, the new proposal envisages that non-complying companies would – for the first time – face strong sanctions.
The draft law strikes a welcome balance between an effective data-protection system and not “significantly [increasing] red tape” for businesses. It abolishes a burdensome notification procedure that costs businesses approximately €130 million per year. A level playing-field is then created for businesses, as a single law applies across the EU.
This harmonisation is projected to save businesses up to €2.3 billion per year, according to the Commission's impact assessment.
A solid legal framework for data protection would help boost consumer confidence, particularly in the complex online environment. People must be able to trust the way their data is handled.