The EU Digital Single Market: data protection and privacy

Written on 7 May 2015

On 6 May 2015 the European Commission published its “Digital Single Market Strategy for Europe”. The Commission’s proposals are aimed at producing a true digital single market, one with – in President Juncker’s optimistic words – “pan-continental telecoms networks, digital services that cross borders and a wave of innovative European start-ups”.

Read more about the impact on data protection and privacy below.

The EU Digital Single Market Strategy is an area we will continue to monitor closely. Click here to read our latest updates and keep up to date with the developments as they happen.

Improving trust and confidence in online services

The Commission has identified that cyber security issues are a major cause of concern for consumers and that responding effectively to cyber-threats will improve the confidence and trust of consumers in online services.

The Strategy paper discusses the proposed Network and Information Security Directive (not yet finalised), which the Commission sees as forming a key part of ensuring online security. There is currently some uncertainty about the extent to which online service providers will fall within the scope of that Directive – perhaps the Strategy paper is a strong sign that they will?

The proposed Directive contains additional security breach notification requirements, audit rights and other measures which would be potentially challenging for ISPs, cloud service providers and other providers of online content to comply with, due to the complex eco-system which supports online services. It may also risk overlapping or going against breach notification and audit requirements proposed under the draft European General Data Protection Regulation.

As well as strengthening the protection of personal data with the new EU rules on data protection and privacy that will apply across all sectors, the Commission will also be reviewing the ePrivacy Directive in 2016. The ePrivacy Directive regulates the use of personal data for marketing electronically, the use of location data, and traffic data and cookies, which the Commission argues have not kept up with the changes to the way that online services are delivered. It seems that the Commission in particular intends to broaden the scope of the ePrivacy rules in order for them to apply to new Internet-based communication service providers too.

In summary, the Strategy paper is a clear indication that the laws covering all aspects of data protection, including marketing and security, are going to be significantly changing in the near future.

“Considering the potential overlap between some of these European legislative proposals, a careful assessment on how they will co-exist and be managed will be key. Otherwise, the EU risks substantially increasing the burden of doing business, which in turn may impact consumers’ rights and choices.” Ann-Sophie DeGraeve, Senior Associate, Osborne Clarke, Belgium