Data Protection Regulation ‘Riddled with Inconsistencies’ and ‘Half-baked Concepts’

Adoption of the European Union’s proposed General Data Protection Regulation took a substantial step forward after the Civil Liberties Committee (LIBE) rubber stamped the changes included in the European Commission’s original proposal.

News of the vote caused outcry from the IAB Europe, with the organisation’s vice president, Kimon Zorbas, labelling the European Parliament LIBE Committee (pictured above) a failure because of the way it has handled the data protection amendments.

“The LIBE Committee missed a critical opportunity to strike the right balance between the protection of European citizens’ fundamental rights to privacy and the promotion of innovation and growth,” Zorbas said.

“The European Parliament vote demonstrates just how detached Brussels is from commercial reality in Europe today.”

Pseudonymous Data Profiling

One of the big talking points from last night’s vote is that pseudonymous data profiling, the collection of user data identifiable by a computer’s IP, will now be permitted, but the IAB Europe feels this part of the reform needs further work.

“We welcome the inclusion of pseudonymous data but the final regulation must fine tune the principle if it is to be effective. The online industry wants Europe to adopt Germany’s approach to dealing with this type of data,” Zorbas explained.

“Instead we see new, immature and half-baked concepts, like ‘reasonable consumer expectations’ that create legal uncertainty and ambiguity leading to overly complex privacy policies – the very thing legislators wanted to avoid.”

Chance of Further Changes

However, the IAB Europe retains some hope that all the issues concerning the data protection regulation in its current guise have a chance of being addressed when the three groups eventually meet.

“The adopted draft text is riddled with inconsistencies which we hope to be corrected by the trialogue with the Council and European Commission,” stated Zorbas.

“The LIBE Committee agreed that explicit consent would be required in most circumstances which will be nearly impossible to obtain for most European B2B companies or any fledgling small or medium sized digital enterprise.”

Comparisons are now being drawn to the ePrivacy Directive because of the way the data protection draft is currently being handled by the European Parliament and, according to the IAB Europe, how unworkable the proposals are in practice.