Our Coalition is made up of nineteen European companies, from SMEs to Global Multinationals and non-profit organisations operating in a variety of sectors, on a national, regional and global scale. With an aggregate turnover (2013) of over € 158 billion and some 752.000 employees worldwide, our footprint allows us to bring growth, progress and jobs to the EU economy.
We strongly believe that the modernisation of Europe’s data protection regime requires a review of the roles and responsibilities of data controllers and processors. However, we caution against the implementation of joint liability that blurs responsibilities in the data processing value chain, which would jeopardise the protection of citizens’ rights and increase industry costs.
In our view, the proposed Regulation must do more than encourage growth on the EU internal market: it must also foster global trade in services and promote cross border data flows with third countries. Not all data transfers are equal. Therefore, we support the Council’s introduction of legitimate interest as a legal basis to transfer data. We encourage the EU Institutions to preserve this legal provision during trilogue discussions.
We recognise that reasonable administrative fines are necessary part of an effective data protection regime so that deceptive enterprises are not able to exploit non-compliance. However, we believe that an enforcement strategy promoting accountability and increased detection using codified and well-balanced sanction guidelines is preferable to simple deterrence.
An effective One-Stop-Shop approach must be maintained, including a lead Data Protection Authority (DPA) operating under two principles: a single privacy regulator even if operations span several Member States, and ‘one decision – one outcome’.
Overly prescriptive requirements and high administrative burdens placed on controllers and processors can and certainly should be avoided in circumstances where they do not contribute to safeguarding a high level of data protection.