In February of this year, the European Commission published the "European Data Law," a proposal for regulation that seeks to establish a harmonized framework for data sharing in the European Union. The proposed law aims to create rules that will apply to data (both personal and non-personal) generated by a wide range of products and services, including the Internet of Things (IoT), medical and healthcare devices, and virtual assistants. The Commission has stated that the new rules are expected to generate €270 billion of additional GDP by 2028.
However, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have raised concerns that the law, if approved in its current form, could reduce the right to privacy and the protection of personal data. In a joint opinion, they called for an alignment between the European Data Law and Europe's data protection regulations, highlighting the need for clear limitations on the use of personal data.
The EDPB and EDPS have raised concerns about the far-reaching impact of certain provisions that do not consider the potential impacts of sharing sensitive data generated by these devices and services, as well as the lack of additional safeguards to mitigate such impacts.
They also highlighted the need for a detailed definition of when and in which categories of data can be used by public authorities and entities in the public sector in times of emergency or exceptional circumstances and under what conditions.
The joint opinion by the EDPB and EDPS analyzed the proposed law in detail and called for a number of necessary improvements, including:
Limiting the use of data created not by the data subjects themselves, especially when the data will allow conclusions to be drawn about their private lives or will pose a high risk to their rights.
Defining clear limits on the use of data for purposes such as monitoring employees, calculating insurance premiums, credit rating, as well as direct marketing or advertising.
Limiting access and sharing of personal data with people who are not the subject of the information only to situations where all GDPR and electronic privacy requirements are met.
Supervision of the implementation of the data law in relation to personal data, and coordination between the authorized authorities according to the data law.
These recommendations illustrate the importance of striking a balance between the freedom of information flow and the protection of one's privacy. It is crucial to ensure that the proposed European Data Law respects the privacy and data protection rights of individuals while facilitating the free flow of data to promote innovation and economic growth.
In conclusion, the proposed European Data Law presents a challenge in balancing the tension between the freedom of information and the protection of privacy rights. While the law aims to promote innovation and economic growth, it must also ensure that individuals' rights are protected.
As the EDPB and EDPS have highlighted, clear limitations on the use of personal data, supervision of its implementation, and coordination between authorized authorities are essential to achieving this balance.
Ultimately, data protection matters, and it is essential to ensure that the European Data Law is implemented in a way that respects individuals' rights while promoting innovation and economic growth
Comments