You searched for:
The Cookie Jar

The Digital Single Market and the General Data Protection Regulation

On 6 May 2015 the European Commission published its "Digital Single Market Strategy for Europe". The Commission's proposals are aimed at producing a true digital single market, with "pan-continental telecoms networks, digital services that cross borders and a wave of innovative European start-ups". The strategy is directed at making the EU's single market freedoms "go digital." Completing the Digital Single Market is one of the top priorities of the European Commission.

The Digital Single Market Strategy includes a set of targeted actions to be delivered by the end of next year. It is built on three policy areas or ‘pillars’:

(1) better access for consumers and businesses to digital goods and services across Europe;

(2) creating the right conditions and a level playing field for digital networks and innovative services to prosper;

(3) maximising the growth potential of the digital economy.
The Digital Single Market and European Data Protection Reform
One of the main objectives of the Digital Single Market, in order to facilitate its overarching goal, is to rapidly conclude negotiations on common EU data protection rules. According to Andrus Ansip, Vice-President for the Digital Single Market:

“Data protection is at the heart of the digital single market; it builds a strong basis to help Europe make better use of innovative digital services like big data and cloud computing.”

Therefore, the shift towards strengthening Europe’s already high standards of data protection is considered to be a business opportunity. In the words of the Commission, “data is the currency of today's digital economy.” Information is collected, analysed and transferred across the world and it has acquired great economic significance. It is estimated that the value of European citizens' personal data could grow to almost €1 trillion per annum by 2020.

A major step towards improved and harmonised data protection rules, supporting the realisation of the Digital Single Market, is the draft General Data Protection Regulation (GDPR). The Commission has emphasised that it is committed to the highest standard in respect of data protection and indicated that it believes the GDPR will “increase trust in digital services”. The Commission faces the challenge of balancing the interests of businesses against the rights of citizens, and of protecting data subjects whilst facilitating innovation. It is anticipated that greater regulation will have the welcome side effect of a more successful digital economy, since consumers will have greater trust in digital goods and services. The recitals to the GDPR explicitly state that trust is key to economic development. Furthermore, since the GDPR takes the form of a regulation, and not a directive, it will have direct effect and will not require to be transposed into national law. The outcome should be a more harmonised position throughout Europe, helping to create one digital market.

Once the GDPR is agreed, the Commission will thereafter review the ePrivacy Directive with the goal of creating a level playing field for all market players and ensuring a high level of protection for data subjects.
How do the EU data protection rules outlined in the GDPR contribute to boosting the Digital Single Market?

As noted above, it is envisaged that data protection reform will address any lack of trust in digital goods and services. The European Commission's data protection reform framework will help the digital single market realise the potential of the digital economy, through a number of significant innovations. The GDPR provisions will strengthen citizen’s rights, and benefit businesses, by introducing certain concepts and changes such as:
  • the right to be forgotten: The Commission initially proposed a broad right to be forgotten. Following the CJEU's decision in Costeja v Google, more recent versions of the Regulation have reformulated this as a 'right to erasure'.
  • the right to data portability: Article 18(2) of the Commission's proposal introduced a new concept of data portability, a controversial new right that would enable data subjects to transfer their personal data in a commonly-used electronic format from one data controller to another without hindrance from the original controller.
  • Data breach notification obligation: The Regulation will also introduce a general data breach reporting obligation, requiring businesses to inform the relevant supervisory authority and, in certain cases, affected data subjects.
  • One continent, one law: The GDPR will establish a single, pan-European data protection law, replacing the present patchwork of national laws which result in inconsistencies. Businesses will only have to deal with one law, as opposed to interpreting twenty eight.
  • One-stop-shop: The GDPR will establish a 'one-stop-shop' for businesses: this means that businesses will only have to liaise with one single supervisory authority, rather than twenty eight separate authorities. This should result in a simpler and more cost effective approach to business within the EU. It will also make for a more efficient and effective process for citizens in terms of protecting their data.
  • The same rules for all companies – irrespective of location: presently European corporations have to comply with stricter standards than those corporations established out with the EU (but also conducting business within the single market). The planned reform would result in companies located outside of Europe having to apply the same rules (if addressing goods/ services at EU), thereby ensuring a fair starting position. The GDPR also addresses international transfers of data, seeking to streamline the process through simplified approval of binding corporate rules. This will enable international trade while ensuring the protection of personal data.
  • European regulators will be equipped with strong enforcement powers: The reform will also provide supervisory authorities with stronger enforcement powers to ensure that the new rules are complied with. Their powers will be bolstered allowing them to impose fines of up to 2-5% (the precise percentage is still being negotiated) of a company’s annual worldwide turnover. This should provide consumers with some comfort that data protection will be taken seriously by businesses.
  • Consistency mechanism: In order to create a single market for data, identical rules on their own will be insufficient. The rules must be interpreted and applied in the same way throughout Europe in order to achieve uniformity in practice. In order to achieve this, the GDPR introduces a consistency mechanism to streamline cooperation between the data protection authorities on issues with implications for all of Europe.

The Digital Single Market project team plans to deliver on its strategy by the end of 2016. The GDPR will play a key role in fulfilling its objectives. With the backing of the European Parliament and the Council, the Digital Single Market should be completed as soon as possible. It remains to be seen what the exact outcome of the Digital Single Market and GDPR proposals will be. It is, however, clear that the Commission’s Strategy is likely to have an integral role in the digital economy, at a global level, over the course of future years.