This post was written by Cynthia O’Donoghue.
The European Parliament’s Committee on Civil Liberties, Justice and Home Affairs has outlined its concerns over the lack of clarity within the data protection principles contained in the proposed General Data Protection Regulation, and has made various proposals which they believe will strengthen the level of data protection.
The Committee stresses the need to include a definition of ‘anonymity’ to illustrate to data controllers when they are outside the scope of the Regulation, and that the definition of ‘consent’ needs to be clearer and include clarification that technical standards that express an individual’s wishes, such as a ‘Do Not Track’ standard, are a valid form of providing explicit consent.
To improve transparency, the Committee also suggests that information about how data is processed be provided to individuals in an easily comprehensible form, such as by ‘layered privacy policies’ and standardised logos or icons. The Committee also supports the extraterritorial application of the proposed Regulation, but believes that the criteria for determining ‘adequacy’ may need to be strengthened.
Whilst endorsing the right to be forgotten, the right to object, and the mandatory introduction of Data Protection Officers (DPO) within the EU, the Committee nonetheless suggests that more specific guidance in relation to DPO independence, powers and duties is necessary, and that further strengthening accountability can be achieved through aligning data breach notification with standards contained in the e-Privacy Directive.
The Committee encourages a clearer division of duties and responsibilities between data controllers and data processors to avoid legal uncertainty for companies, authorities and consumers, as well as stronger incentives for companies to implement privacy-by-design principles.