Industry calls on government to take its time in negotiating data protection regulation

Digital infrastructure Skills supply Welfare technology

In Brussels, there is a flurry of activity around the upcoming General Data Protection Regulation, which will be a fully unified data protection law (equivalent to the GDPR) for the EU and the Single Market. It is a hugely important and complex regulation both for the protection of personal data and European competitiveness, as it affects all forms of data processing services. The Commission wants the negotiations to be concluded as soon as possible, probably in view of the spring European Parliament elections. This is opposed by IT&Telecom companies. Earlier this month, we therefore wrote to Commissioners Beatrice Ask and Anna-Karin Hatt urging them not to rush through the negotiations prematurely.

Dear Minister,

I am writing on the occasion of the upcoming Council of EU Justice Ministers, which will address the reform of Europe's data protection rules. We are concerned that Member States are being pressured to commit to a deadline by which they must agree on the draft Data Protection Regulation. We believe that a number of important points have not been sufficiently discussed to justify an agreement at this stage.

Let me be clear. The reform of the EU data protection framework has the potential to be one of the most important policy achievements of the digital society. A harmonized set of data protection rules for all 28 European Member States would create a truly digital single market for Swedish businesses. It would make it easier for businesses to operate across national borders, while giving European companies access to fast-growing markets outside the EU. It would allow small and medium-sized enterprises to benefit from economies of scale, take advantage of cost efficiencies using internet-based technologies, and create greater legal certainty for Swedish citizens knowing that one law applies across all European markets. 

Only a robust, balanced and future-proof regulation can serve as a model to be followed in countries around the world.

Unfortunately, we believe that the current proposals do not yet live up to that standard, as they rely on unworkable solutions that would threaten the digital ecosystem and fail to create meaningful rights or protections for Swedish citizens. Many rules would increase bureaucracy and jeopardize the competitiveness of European businesses. The rules must strike a better balance between protecting personal data and enabling digital technologies so as not to risk undermining the innovative foundations of Europe's digital economy.

The economic impact of the regulation on European competitiveness is more extensive and complex than the focus on economic effects allowed by the proposal in its current form. That is, the proposal only addresses company-specific costs to formally meet and fulfill new regulatory requirements (compliance costs). The regulation must strike a better balance between citizens' legitimate right to data protection and the potential of digital technologies to generate growth. Otherwise, the regulation risks undermining the innovative power of the European digital economy.

We are very concerned that a political commitment to set a deadline for agreement would prevent discussion on crucial elements of the content of the Regulation. In particular, we believe that more time is needed to develop workable solutions in the Regulation to

● adopt a risk-based approach, including recognizing context and risk in defining personal data
● ensure clear roles and responsibilities in the data processing value chain
● introduce a meaningful mechanism for central contact points and simplify the main establishment rules to make it easier to effectively apply new data protection rules for both businesses and consumers
● limit the requirement for explicit consent to real risk situations
● secure free cross-border data flow to ensure that Swedish companies have access to fast-growing markets outside the EU

Constructive dialogue takes time - especially when it concerns a complex regulation which, by definition, must be implemented immediately in a rich diversity of business models across 28 countries. The Council's approach so far has been the right one: thoughtful and well-considered deliberations that "take into account the interests of both citizens and businesses, in particular SMEs".

We trust that you will carefully consider these requirements and we are at your disposal should you wish to discuss the matter further.

Yours sincerely
IT&Telecom companies within Almega

Anne-Marie Fransson
Director of the Federation