Joint letter - Organisations voice concerns over the Digital Content Directive

Dear Sir/Madam,

Our organisations, representing the full array of creators, developers, publishers and distributors of digital content write to express concern about the proposed Directive on the supply of digital content (the “Digital Content Directive”, or DCD) and to draw your attention to the opinion published by the European Data Protection Supervisor (EDPS) who shares many of these concerns.

Interference with the application of EU data protection framework should be avoided.

The right to the protection of personal data, a fundamental right enshrined in Article 8 of the European Charter of Fundamental Rights, is of paramount importance in the digital economy. Europe has robust data protection legislation to vindicate this right, which will be reinforced when the General Data Protection Regulation (GDPR) comes into effect.

The proposed Digital Content Directive must not upset the balance of data protection rules which have been carefully negotiated by the EU legislator. This is all the more important at a time when organizations of all sizes and from all sectors prepare to implement the new data protection regime agreed in May 2016.

We concur with the EDPS who states in his recent opinion that “the Proposal is not the proper instrument to regulate the use of personal data” and that “overlapping initiatives could inadvertently put at risk the coherence of the Digital Single Market, resulting in regulatory fragmentation and legal uncertainty”.

In this respect, we call on the co-legislators to remove overlaps and contradictions between the proposed Directive and existing data protection rules. Personal data are already covered by existing data protection rules.

The concept of data as a counter-performance should be removed.

The notion of “data as a counter-performance” is key to the problems of the proposal. The EDPS opinion rightly warns that the notion of personal data as counterperformance, and the regime thereof contained in the proposed Directive, would alter the balance created by the GDPR regarding the circumstances under which the processing of personal data may take place in the digital single market.

In addition, the opinion considers the notion of “counter-performance” as a catch-all term that is vague, misleading, and generally inappropriate to address the variety of business models, data usages and relationships between data subjects/consumers and suppliers/controllers. Indeed, the proposal provides no clear definition as to when data would be regarded as a counter performance, nor does it offer suppliers guidance on how they should assess the value of data, should that be possible at all, they have collected and how the individual should be reimbursed, or technically enabled to retrieve data provided, in case of termination. Above all, the proposal does not provide any coherent reference to the existing legislation on personal data protection.

To avoid further overlap and conflict with data protection laws, we urge the colegislator to delete the concept of “data as a counter performance” and limit the scope of the proposed Directive to paid digital content.

Extending the DCD to ‘other data’ provides no added value to the consumer.

The definitions contained in the DCD proposal are generally broad and it is unclear what type of data and/or services would fall under the proposed regime. The apparent distinction between “other data” and “personal data” is a prime example of the confusion and new problems that the proposed Directive creates.

As the EDPS highlights in their opinion, it is likely that “almost all data provided by the consumers to the provider of the digital content will be considered as personal data [given] the broad definition of personal data.” Indeed, any data provided by the consumer to the supplier of the digital content will necessarily “relate to” him or her, and therefore be considered personal data. Should an additional category of “other data” be added, this would force suppliers of digital content to process much more personal data than necessary. This violates the minimization principles central to the GDPR.

We therefore urge the Council and the Parliament to delete references to the concept of “other data” which would conflict with the data protection framework, both the GDPR and the spirit of the current Directive 95/46.

Call for significant adjustment of the scope and purpose

In conclusion, we agree with the EDPS that the proposal should be consistent with the EU data protection framework across the board. Achieving this consistency will require significant reconsideration of how data is both defined and affected in this proposal. We stand ready to continue working with policymakers and strive for a balanced and coherent consumer protection framework for digital content.