In May 2018, the new European Union (EU) privacy and data security regulations will take effect. These regulations, formally known as the General Data Protection Regulation (GDPR), will make many changes from current EU regulations. Even with Brexit, the UK plans to implement the Regulation as well. The challenges can seem daunting, and the stakes are potentially high as the regulators can impose fines for non-compliance as high as 4% of global revenue.
In a March 30, 2017 opinion piece, “Don’t trade away data protection,” two leading Members of the European Parliament, Viviane Reding and Jan-Phillip Albrecht, suggest “strengthening data protection safeguards in the General Exception (known as GATS XIV) and E-Commerce chapters, and removing necessity and consistency tests.” The idea behind the proposal is to make absolutely certain that the General Data Protection Regulation (GDPR) and perhaps other parts of the EU privacy acquis could not be successfully challenged as inconsistent with an affirmative cross-border data flow obligation. This is a topic SIIA will comment on again in the coming months, likely in a longer form Issue Brief. This blog discusses the proposal to remove the necessity test.
I spoke on July 2 in Berlin at a conference organized by the German Standards Agency (DIN) on “Data protection in the EU and Germany – Impediment or basis of our digital future.” SIIA was one of the sponsors of this important event. DIN put together a terrific program with a good blend of proponents of European data protection approaches and perspectives from industries in the forefront of data-driven innovation.