On 28 February 2018, Andrus Ansip, the European Commission (Commission) Vice President and commissioner responsible for the Digital Single Market strategy, commented that all companies should be able to monetise user data, in the same way that social media companies do. Mr Ansip’s comments reflect the aims of the General Data Protection Regulation (GDPR) to harmonise regulation and protection across the European Union (EU). On a related theme, the Commission also published guidance earlier this year on the direct application of the GDPR.
Mr Ansip’s comments
Mr Ansip commented to CNBC that the Commission has to protect traditional media, and that the aim of the EU was to create a “more equal playing field between telecoms operators and social media platforms”. Mr Ansip highlighted what he perceives to be the unfairness in the data economy: “[s]ome players can use data they have and some other players are regulated, practically it is impossible to use the data they have in their hands … it will be normal when, on the basis of people’s consent, all the players can monetize the data they have.”
On 24 January 2018, the Commission published “Stronger protection, new opportunities”, a Communication to the European Parliament and Council providing guidance on the direct application of the GDPR.
In essence, the guidelines:
- Recap the main innovations and opportunities created by the GDPR.
- Outline preparatory work undertaken so far.
- Highlight preparations the Commission, national data protection authorities and national governments are yet to carry out, including member states finalising the adaptation of existing national legislation to ensure compatibility with GDPR and ensuring that national independent regulators are fully operational.
- Advise national data protection authorities to intensify their awareness-raising activities around the GDPR.
- Set out actions the Commission intends to take in future, including an online guidance tool in all EU languages, and an event in May 2019 to assess stakeholders’ experiences of implementing the GDPR – culminating in a report on the application of the GDPR in 2020.
The guidelines also list the guidance produced so far by the Article 29 Working Party, the advisory body made up of representatives from the data protection authority of each EU member state, the European Data Protection Supervisor and the Commission.
The comments of Vice President Ansip, and the release of the further guidance on implementation from the Commission, show the EU authorities’ focus on implementing the GDPR across the EU. Implementation will be crucial for businesses, so this emphasis provides reassurance that attention is being paid to how the GDPR will work in practice, with the ultimate goal being as seamless a transition as possible to the new data protection framework. The fact that the Commission is already looking beyond the implementation should reassure businesses that further guidance will be issued in the future.