×
ECR

EU Data Protection package is an improvement, but work needed to ensure it does not harm small busin

17 December 2015

EU Data Protection package is an improvement, but work needed to ensure it does not harm small busin

The new data protection legislation will be put to a vote today in the European Parliament’s Civil Liberties committee. Timothy Kirkhope, the ECR Group's lead negotiator on the package, will support the agreement on the regulation and the directive, but now believes the European Commission has some work ahead to ensure business is clear on its rights and responsibilities under the new regime.

The new data protection legislation will be put to a vote today in the European Parliament’s Civil Liberties committee. Timothy Kirkhope, the European Conservatives and Reformists Group lead negotiator on the package, will support the agreement on the regulation and the directive, but now believes the European Commission has some work ahead to ensure business is clear on its rights and responsibilities under the new regime.

Mr Kirkhope said:
“The key to whether this legislation succeeds or fails will be how the European Commission implements it. If the commission can make sure that businesses have a clear understanding of how the principles affect them, and the actions they must take, then it can have a positive effect.
“What has come out of the process is a significant improvement on previous proposals, with a more reasonable approach to fines and protection for medical and scientific research. The regulation takes more of a risk-based approach and we were also pleased to be able to ensure countries that want lower ages for parental consent on social media have been accommodated.
“The big multinationals have vast compliance departments for unravelling what this law means for them. Now we need for the European Commission to be clear in how it implements the law so that smaller businesses are clear on how this law will affect them, and how they can prepare for it.
“If the European Commission implements this law correctly then it should bring real benefits to how people can take control over their data. If they mishandle the implementation, it will become a burden for businesses.”

Key aspects of the regulation are:

Consent

The text removes the vague concept that ‘unambiguous consent’ is needed for processing data, replacing it with ‘consent’ that can take the form of any appropriate method enabling a freely given specific and informed indication of the data subject’s wishes, either by written, electronic, or oral statement, or if required by specific circumstances, by any other clear, affirmative or unambiguous action by the data subject. This could include ticking a box (not pre ticked boxes), or any other statement or conduct which indicates in this context the data subject’s acceptance of the proposed processing of their personal data. Silence will not constitute consent. Processing sensitive data such as ethnic or racial origin or political opinion will be dealt with separately.

Consent for children

The rules will require parental consent for processing personal data for under 16s, but if national law applies that age can be lowered to 13. In some countries the 16 year old age of consent will lower the age, whilst other countries with lower ages can continue to apply them.

Right to rectification

Data subjects shall have the right to obtain from the controller without undue delay the rectification of personal data concerning him or her which are inaccurate.

Data breaches

Data breaches will have to be notified to the supervisory authority within 72 hours and where such a breach is likely to result in a high risk for the rights and freedoms of individuals, they should be notified without delay.

Data protection officer

Bodies that systematically monitor and process data on a large scale will be required to appoint a data protection officer.

Penalties

There will be a two tier system for higher and lower data breaches.

The lower level maximum fine would include 2% of the previous year’s worldwide turnover for a company, or a maximum fine of 10, 000, 000 Euros. The higher level maximum fine would be 4% of the previous year’s worldwide turnover for a company, or a maximum fine of 20, 000, 000 Euros. Supervisory authorities will take into account the nature, gravity and duration of the infringement before deciding what fine to levy, and lower, more proportionate punishments are possible for minor infringements.

Medical and scientific research and historical records

Medical research, scientific research and historical and statistical data are dealt with separately, when used in the public, scientific or historical interest. It is appropriate to safeguards to ensure data minimisation and to look at other ways of protecting data such as pseudonymisation. Specific national derogations can be applied to ensure public interest around research.

SHARE

ECR

OUR TWEETS

ECR Group

14 hours ago

🦠 The effects of the #Covid19 pandemic are still upon us ❗️ We need to act to stop history from repeating itself… twitter.com/i/web/status/1…

ECR Group

18 hours ago

🧪 #Europe has given birth to countless inventions & innovations. We can't let ourselves fall behind. By cutting r… twitter.com/i/web/status/1…

ECR Group

20 hours ago

The 🇪🇺 was created by our nations to serve them, not the other way around. 𝗢𝘂𝗿 𝗮𝗶𝗺? 🎯 To preserve the sovereignty… twitter.com/i/web/status/1…

ECR Group

yesterday

"In #Cuba, we face one of the most vicious crackdowns on innocent people wanting change and #democracy in their cou… twitter.com/i/web/status/1…

ECR Group

yesterday

We all know that #Cuba has no intention of upholding its side of the 🇪🇺-🇨🇺 Agreement. It's time to say "enough is e… twitter.com/i/web/status/1…

ECR Group

yesterday

Again this year, the people of #Cuba took to the streets to demand their basic rights – the same rights we take for… twitter.com/i/web/status/1…

ECR Group

2 days ago

There's an illegitimate, vertical attempt to bring down the conservative government in #Poland and replace it with… twitter.com/i/web/status/1…

ECR Group

2 days ago

ECR MEP @j_wisniewska 🗣️ "In the only legal, treaty procedure under Article 7, no risk of violation of the… twitter.com/i/web/status/1…

ECR Group

2 days ago

"From this crisis has emerged the need for a profound change..." Responding to @EU_Commission President… twitter.com/i/web/status/1…

Assita Kanko MEP

2 days ago

Finally discussing the #Pegasus scandal in the plenary. Spyware that can even activate the camera and microphone on… twitter.com/i/web/status/1…





© 2020. All rights reserved. European Conservatives and Reformists Group