More than two-thirds of online retailers say that proposed changes to EU data protection rules will damage business, according to a poll by Europe’s largest e-commerce association.
The European Commission has remained steadfast on its revision to the Data Protection Directive despite heavy lobbying from companies and the US, which have sought to water down the rules.
The survey by the European Multi-channel and Online Trade Association (EMOTA), which represents some 80% of EU online traders, may come as a further blow to EU hopes of keeping the strong data privacy reforms within the European Commission proposals.
For the survey, released yesterday (3 July), EMOTA asked 90 companies from the UK, Germany, Austria, France, Sweden, Switzerland, Greece and Spain to assess the impact of regulatory changes on their business.
According to the EMOTA survey, the companies polled fear that the rules will increase costs and negatively affect marketing and consumers’ experience of buying online.
Walter Devenuto, the president of EMOTA, said: "The results of the EMOTA survey speak for themselves. Businesses across the EU, small and large, are very concerned about the new data protection rules and we need to reassure them that consumer and business interests will be effectively balanced, avoiding excessive constraints in direct marketing and unnecessary administrative burdens for companies."
The EU proposals aim to tighten up internet governance, such as through changes to the rules on how companies may seek consent to use consumers’ information online, how long they may keep that information and use of third party information.
The new rules would also oblige retailers to hire a data protection officer to ensure compliance.
The prospect of constraints to internet business is a major concern for entrepreneurs, many of whom turned to online retail to lower costs during the crisis.
The survey flags the proposed change to the wording of EU rules on how companies may seek consent to use consumer information online to “explicit and specific” consent from “unambiguous consent”, as the rules currently state.
EMOTA says that 70% of replies showed that companies fear the change will impede first contact with new potential customers or affect marketing to existing customers, hitting entrepreneurship and consumer choice.
EMOTA quotes anonymously a Greek retailer. “If there is a limitation to the way data can be used, based on what is outlined at the time of collection, almost every aspect of business communication will be made illegal,” the retailer said.
“For example, companies will not be able to make product proposals based on previous purchases, since this data manipulation is almost never outlined, although common sense dictates that it is practiced both online and offline.”
According to EMOTA’s interpretation of the survey, almost 80% of the companies saw third-party access to personal data, based on “legitimate interest”, as crucial to well-functioning online market and to the quality of customer experience. EMOTA quotes a UK retailer: “Without these, how we are supposed to improve our products and services to customers and let consumers actually buy goods is beyond me”.
On the requirement of hiring a data protection officer, 90% of companies thought it would be too burdensome in terms of running costs. Three quarters also called for the limitation of the “right to be forgotten”, a proposal to protect individuals from having their data retained by internet operators.
The EU’s chief data protection supervisor, Peter Hustinx, singled out the “right to be forgotten” as a key target for lobbyists.
Governance of e-commerce is a hot topic in Brussels as regulators, faced with intense lobbying, look to revise the Data Protection Directive to balance data privacy concerns with the potential benefits of an EU-wide computerised, low-cost online economy.
In May, Hustinx warned that “excessive lobbying” and intentional red herrings may lead to the collapse of the revision of the directive.
American officials and companies, including Facebook and Google, have also lobbied Brussels on the directive. Washington has pressured EU officials over the reforms ahead of negotiations for a free trade agreement with the United States.
The new data rules would limit the ability of US authorities to spy on EU citizens through a measure known as the “anti-Fisa clause”, after the Foreign Intelligence Surveillance Act, by nullifying US requests for technology and telecoms companies to hand over data on EU citizens, according to the Financial Times.
A diplomatic source told EurActiv that despite differing regimes and perspectives on data privacy, the EU and the US would find a way around such concerns in trade negotiations, as data was essential to national security and the functioning of both economies.
Viviane Reding, the EU justice commissioner, said that she would fight against a watering down of the reforms.
In a speech to justice ministers on 6 June, Reding said the proposals would generate growth by harmonising the EU’s “patchwork” of national rules, generate trust through up-to-date legislation and address the data privacy concerns of citizens.
“I count on the European Parliament and on the incoming Lithuanian presidency to resist, alongside the Commission, all attempts by those who are still trying to weaken data protection standards in Europe,” she said.
The European Commission published in January 2012 a broad legislative package aimed at safeguarding personal data across the EU.
The package consists of two legislative proposals: a general regulation on data protection (directly applicable in all member states) and a specific directive (to be transposed into national laws) on data protection in the area of police and justice.
The two proposals have been discussed extensively inthe European Parliament and the Council and are due to be voted on by the Parliament in the near future.
Among the issues are the right to be forgotten, data portability, profiling, consent and access to But deputies are struggling to agree on around 4,000 amendments, some directly copy-pasted from corporate entities into the draft, possibly stalling the orientation vote in the civil liberties committee again.
- 2013: Updated data protection rules continue to be negotiated by European Parliament and European Council
- EUR-Lex: Existing Data Protection Directive (24 Oct. 1995) [FR]
- Proposed regulation revising data protection rules (25 Jan. 2012) [FR]
- Proposed Directive on use of data by security institutions (25 Jan. 2012) [FR]
- US mission to the EU: Five Myths Regarding Privacy and Law Enforcement Access to Personal Information in the European Union and the United States (4 December 2012)
- US Department of Commerce: Informal paper on EU data protection overhaul (16 Jan. 2012)