DIGITALEUROPE publishes its report “Two years of GDPR”
Ahead of the European Commission’s June 2020 evaluation report on the application and functioning of the General Data Protection Regulation (GDPR), DIGITALEUROPE seeks to provide input on the central elements of the GDPR that were a success alongside recommendations for how the GDPR can be improved.
Two years after its adoption, the impact of the GDPR on Europe’s data protection and privacy landscape cannot be overstated. Not only did the GDPR provide upgraded rights to consumers and aimed at harmonising the rules across the continent; its effect rippled beyond Europe to influence the debate around other countries’ data protection legislation and spark renewed interest in issues of data privacy.
However, despite the attempts of EU Member States to ensure a consistent application of the law, fragmentation remains, ultimately contradicting the harmonisation aim of the Regulation.
DIGITALEUROPE’s report aims at analysing the key elements of the GDPR, as well as assessing the successes and the shortcomings of its implementation over its two years of existence.
In particular, the GDPR report identifies the following areas of improvement:
Establishing additional and more flexible data transfer mechanisms, including adequacy decisions and Standard Data Protection Clauses, and expanding regulatory guidance on appropriate safeguards.
Providing additional interpretation to suit modern day technology, most notably the complexities brought about by emerging technologies such as artificial intelligence (AI) and blockchain.
Improving coordinated implementation across Member States to create a truly harmonised legal framework by strengthening consistency and cooperation among Supervisory Authorities.
Strengthening and promoting the One-Stop-Shop mechanism, and generally minimising inconsistencies between EU and national law as regards interpretation and enforcement.
Addressing sectoral specific concerns, such as healthcare and finance, by providing greater clarity in issues such as data exchanges for scientific research purposes, consent, and anonymization.
To this end, DIGITALEUROPE encourages the European Data Protection Board (EDPB) to continue collaborating with stakeholders and industry in producing essential guidance.