Live Blogging from "The Public Voice" in Uruguay: WP 29 Chair Says Proposed EU Regulation is Not Tough Enough
At the opening panel of The Public Voice, Article 29 Working Party Chair Jacob Konstamm spoke in favor of strengthening the pending EU Data Protection Regulation, observing that he preferred the "leaked draft" that circulated before the official draft was unveiled in January. Mr. Konstamm lamented that government and business are not treated equally in one instrument under the current proposals, with government subject to a proposed non-self-executing Directive and business subject to the proposed Regulation.
Explaining that negotiations between the EU Parliament and Council will begin in Spring 2013, Mr. Konstamm observed that there currently is "fierce lobbying" going on in Brussels by the US government and the IT industry that "threatens to weaken" the proposed Regulation.
Mr. Konstamm focused in particular on three issues he declared as critical in consideration of the EU Regulation: explicit consent; the definition of personal data; and purpose limitation.
Explicit Consent Mr. Konstamm said it is "crucial" to leave the requirement of explicit consent untouched, saying that "implicit consent could not and should not" serve as a basis for authorizing processing of data where there is no other legal basis for such processing.
Personal Data The proposed definition of personal data in the Regulation "does not fundamentally change the current definition" but still, noted Mr. Konstamm, there are efforts to weaken the definition. He said that the Article 29 Working Party is in favor of what he said was the FTC formulation of personal data -- that which allows an individual to be treated differently.
Purpose Limitation Mr. Konstamm said the provisions on "purpose limitation" (Article 6.4) undermines the current restrictions by allowing further processing so long as there is a legal basis. In his view, this permission is "too wide". Mr. Konstamm said that the Article 29 Working Party will issue an opinion in early 2013 on what purpose limitation should mean.
Please join us for our April 2016 Privacy and Cybersecurity Events.