Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends
Posted in News & Events

Live Blogging from “The Public Voice” in Uruguay: WP 29 Chair Says Proposed EU Regulation is Not Tough Enough

Civil society organizations concerned with privacy and data protection are meeting today as “The Public Voice” in Uruguay, in advance of the 34th Annual Meeting of Data Protection Authorities and Privacy Commissioners.  Later today, I will moderate a panel on self-regulation with Germany’s Peter Schaar, Uruguay’s Eduardo Fleischer, Jorg Polakiewicz from the Council of Europe and FTC Commissioner Julie Brill. Tomorrow, at the official DPA meeting, I will be on the lead-off plenary panel addressing the “Information Society and Privacy.”

At the opening panel of The Public Voice, Article 29 Working Party Chair Jacob Konstamm spoke in favor of strengthening the pending EU Data Protection Regulation, observing that he preferred the “leaked draft” that circulated before the official draft was unveiled in January.  Mr. Konstamm lamented that government and business are not treated equally in one instrument under the current proposals, with government subject to a proposed non-self-executing Directive and business subject to the proposed Regulation. 

Explaining that negotiations between the EU Parliament and Council will begin in Spring 2013, Mr. Konstamm observed that there currently is “fierce lobbying” going on in Brussels by the US government and the IT industry that “threatens to weaken” the proposed Regulation.

Mr. Konstamm focused in particular on three issues he declared as critical in consideration of the EU Regulation: explicit consent; the definition of personal data; and purpose limitation.

 

Explicit Consent  Mr. Konstamm said it is “crucial” to leave the requirement of explicit consent untouched, saying that “implicit consent could not and should not” serve as a basis for authorizing processing of data where there is no other legal basis for such processing.

Personal Data  The proposed definition of personal data in the Regulation “does not fundamentally change the current definition” but still, noted Mr. Konstamm, there are efforts to weaken the definition.  He said that the Article 29 Working Party is in favor of what he said was the FTC formulation of personal data  — that which allows an individual to be treated differently.

Purpose Limitation  Mr. Konstamm said the provisions on “purpose limitation” (Article 6.4) undermines the current restrictions by allowing further processing so long as there is a legal basis.  In his view, this permission is “too wide”.  Mr. Konstamm said that the Article 29 Working Party will issue an opinion in early 2013 on what purpose limitation should mean.