Europaudvalget 2014-15 (1. samling)
KOM (2012) 0011 Bilag 12
Offentligt
1408302_0001.png
1
1
 PDF to HTML - Convert PDF files to HTML files
1408302_0002.png
2
2
 PDF to HTML - Convert PDF files to HTML files
1408302_0003.png
Ecommerce Europe is the association
representing
around
25,000
companies
Privacy and Transparency for Consumer
Trust and Consumer Centrality
selling products and/or services online to
consumers in Europe. Ecommerce Europe
is a major stakeholder in policy issues
concerning the Digital Single Market -
which experiences difficulties in the cross-
border coordination between Directorate-
Generals, Member States, and Members of
the
European
Parliament.
Ecommerce
Privacy and protection of personal data are key
drivers for trust in the e-commerce sector and
cross-border industry development. Consumer
trust is at the core of the e-commerce market,
and therefore the fair, safe and transparent use
and collection of data is key to the growth of
the industry. Recent technical developments in
information collection and analysis stimulate
business innovation and provide opportunities
for merchants to further tailor their business to
the consumer’s needs – thereby creating a
flourishing e-commerce market to the benefit of
all. When personal data and privacy are
adequately protected, merchants will still be
Ecommerce
institutions
Europe
for
a
asks
the
European
for
e-
able
to
benefit
from
recent
technical
Europe offers to be a one-stop-shop for the
European Institutions for all e-commerce
related issues. Ecommerce Europe can be
consulted
when
it
comes
to
market
research and data, policy questions and in-
depth country knowledge.
one-stop-shop
developments in information collection.
commerce policies which are currently covered
by a plethora of legislation. In order to achieve
this
Ecommerce
Europe
proposes
an
Ecommerce Europe therefore asks that
policy makers harmonize privacy and data
protection
approach
rules
and
through
without
a
risk-based
additional
integrated perspective on five key themes:
Internet
security
&
privacy,
consumer
rights, e-payments, tax issues and e-
logistics.
Detailed proposals linked to these
themes are outlined in the Ecommerce Europe
multiple position papers.
administrative burdens.
Governance and law making on privacy, data
usage, data collection and data protection both
on a national level and on a European level are
spread
across
separate
areas
and
departments like justice, telecommunication,
consumer
human
contractual
rights
and
rights,
fair
pleads
and
fundamental
competition.
for
an
Ecommerce
integrated
Europe
approach
cooperation
between the several bodies concerned.
3
 PDF to HTML - Convert PDF files to HTML files
1408302_0004.png
Legislation on privacy, data processing, data
collection and data protection should:
-
-
-
-
facilitate a flourishing business environment;
recognize the nature of the relationship
between a consumer and a merchant;
should meet the legitimate interests of both
the consumer/data subject and the merchant;
provide a level playing field for web shops in-
and outside of the European Union, thereby
facilitating the true cross-border and global
nature of the e-commerce market.
A clear distinction should be made between
the processing of personal data and other
data not being personal. In order to come to
a fact-based discussion about risks and
opportunities of the processing of data,
Ecommerce Europe advocates a risk-based
approach
concept
legislation
in
of
the
interpretation
data
in
for
of
the
personal
and
current
new
or
proposals
reformed legislation. In order to avoid
confusion in the public debate Ecommerce
Europe
recommends
to
restrict
the
Ecommerce
collaborate
stakeholders
Europe
with
on
is
committed
makers
to
and
definition of personal data
to data that
have more than low or no privacy impact for
the data subject. This definition is similar to
the
current
definition
in
the
Data
policy
the
for
following
and
recommendations
Transparency:
Privacy
Protection Regulation of 1995.
1. Adopt a risk-based approach
Ecommerce Europe urges lawmakers to
take a balanced approach in the regulation
of data collection, data processing and data
protection. Such a balanced approach is
risk-based and
focuses on the factual use
of data by merchants
rather than an
academic worst-case scenario based on
potential use. A risk-based approach also
differentiates between data with a high
privacy impact and data with low or no
privacy impact. Lawmakers should base
their policy and legislation on this sliding
scale
of
intrusiveness.
Moreover
they
should recognize the
industry’s potential
of self-regulation
and should refrain from
regulation when it comes to the collection
and processing of data with low or no
privacy impact.
3. Adopt a balanced framework for the
processing of Personal Data
Ecommerce Europe welcomes the efforts
made on the reform of the Data Protection
Regulation to come to a single uniform
European set of rules.
An update of the
existing legislation has great potential
for optimizing privacy rights
for the
consumer and regulating in a fair and
balanced way the legitimate interests of the
industry in data processing, data collection
and profiling. However, Ecommerce Europe
is concerned that
the proposed legal
framework
will
be
too
strict
and
inflexible.
On one hand the proposed legal
framework might limit the possibilities for
exploiting
the
economic
potential
for
profiling and collecting Big Data and thus
may
hamper innovation
in the sector. On
the other hand concerns rise about the
2. Adhere to the current definition of
personal data
costs for business
for data processing,
4
 PDF to HTML - Convert PDF files to HTML files
1408302_0005.png
profiling and collection of Big Data through
administrative burdens and excessive and
too strict obligations (especially for SMEs)
to perform a privacy impact assessment, to
assign a data protection officer and of data
leak notification procedures.
payment
personalize
and
delivery
their
process
and
online
shopping
experience. A risk-based approach based
on merchants’ factual use of profiling and
the actual privacy impact for the consumer
is also for profiling indicated. As far as
profiling has no or limited impact on the
consumer’s privacy, it should rather be
subject to self-regulation than to legislation.
Lawmakers should acknowledge the win-
win
situation
created
by
transparent
not
4. Realize the economic potential of Big
Data collection
The collection of “Big Data”
holds great
potential
for business innovation, new
business models and market opportunities.
It also has an evident potential to optimize
the
service
to
his
in
the
consumer,
with
thus
and
Both
profiling and the differentiation
discrimination – of users.
enhancing
confidence
experience
online
6. Introduce a standard information tool for
informing the consumer and a risk-
based consent rule
Ecommerce
Europe
believes
that
the
shopping.
personal data and non-personal data can
be
subject
to
Big
Data
collection.
Ecommerce Europe emphasizes the idea
that the collection of Big Data should be
transparent and only be subject of
privacy and data protection legislation
as far as personal data are involved.
In
order to maximize the economic potential of
Big Data to all players in the e-commerce
industry (especially SMEs) and to provide
for fair competition, Big Data collectors
should facilitate equal access on fair
conditions to the Big Data they control for
all competitors.
responsible processing of personal data,
profiling and collection of Big Data builds on
the idea of consumer trust and awareness.
Solid data protection regulation should be
based on the idea of transparency ensuring
that there is no doubt to the question
whether the data subject is fully aware of
what is going to happen, enabling him to
make a free and informed choice about the
processing of its data for a specified
purpose. To facilitate a merchant-consumer
relationship built on trust and in order to
ensure that consumers feel adequately
5. Acknowledge the win-win situation of
profiling
Ecommerce Europe believes that
clear and
transparent use of profiling
is essential
for a flourishing e-commerce business
environment. Profiling benefits users as the
technique can be used to further tailor to
the users’ needs, simplify their ordering,
informed
in
all
online
transactions,
Ecommerce Europe urges lawmakers to
consider a standard information tool for
informing the consumer on their privacy
rights. This model should be developed
in
cooperation
representative
with
the
industry,
of
data
organizations
subjects
and endorsed by the Commission
5
 PDF to HTML - Convert PDF files to HTML files
1408302_0006.png
and Data Protection Authorities as a fair
and compliant manner of informing the data
subject on privacy and data collection.
"right
to
be
forgotten"
is
therefore
unnecessary and could create redundancy
with these provisions. Ecommerce Europe
prefers to
strengthen the effectiveness of
Ecommerce Europe emphasizes that the
privacy impact of personal data processing
is context-dependent. Therefore,
a risk-
based consent rule,
depending on the
specific circumstances and the context of
the personal data collection, is the most
suitable approach. In essence, Ecommerce
Europe favours the notion of “unambiguous
consent” as a suitable instrument. In
addition,
Ecommerce
Europe
supports
existing rights rather than create a new
right of uncertain scope and meaning,
which
is
likely
to
have
serious
and
unwarrantable consequences for the e-
commerce sector and will partly be an
illusion because of technical impossibilities.
Moreover merchants have a wide range of
obligations to keep data on transactions for
the
sake
of
bookkeeping,
consumer
warranty, taxation, identification and more.
Any notion of the right to be forgotten
should therefore be
restricted to user
generated content
– as is suitable in a
balanced approach between consumers’
and merchants’ interests.
leaving open the possibility of consent by
appropriate device settings. This idea will
do justice to both consumers’ interests
regarding user friendly solutions and legal
certainty, as well as businesses’ interests
with regard to keeping additional costs to a
minimum by means of a uniform technical
standard. Under certain circumstances,
clearly communicated default options or
pre-ticked boxes should be deemed as
valid
means
to
acquire
unambiguous
8. Restrict
Data
Portability
to
user
generated content
Ecommerce Europe is not opposed to data
portability as it can benefit the consumer in
facilitating
a
smooth
online
shopping
consent.
process. However, data portability should
not be obliged by law as this will distort the
7. Strengthen the effectiveness of existing
rights on the notion of the right to be
forgotten
Ecommerce Europe supports the existing
legislation on the notion of the right to be
forgotten. The current data protection rules
state that private data may only be stored
for a limited time and are supplemented by
the right of individuals to have their data
deleted and/or withdraw their consent. This
already forms, strictly speaking, a “right to
be forgotten”. The introduction of a new
market
and
hamper
competition.
Ecommerce Europe believes that data
portability should only be used when it is to
the
benefit of the consumer.
Imposing
such a right to portability in the e-commerce
sector can lead to additional costs for
businesses
develop
since
new
companies
systems
Moreover,
have
for
to
data
management.
Ecommerce
Europe thinks that the creation of such a
right
will discourage companies from
implementing
innovative
services
6
 PDF to HTML - Convert PDF files to HTML files
1408302_0007.png
because sensitive commercial information
is allowed to be transmitted to competitors.
Therefore the obligation to provide for this
right
should
be
restricted
to
user-
cooperation between the several competent
authorities on Data Protection, Consumer
Protection,
Competition
and
Telecommunication on a national level. On
the other hand cooperation is needed in
supervision between the national authorities
on
a
European
level,
by
creating
generated content,
which is content that is
generated by the data subject itself, and
thus to social networks in particular.
supranational dialogue bodies
like the
9. Clarify the notion of consent in cookie
legislation
In order for merchants to provide a trust
worthy
and
user-friendly
shopping
article 29 Working Party is for the area of
data protection.
In all cases relevant
stakeholders need to be represented
in
these supranational bodies and should be
involved in their policy decisions and
interpretation
of
legislation.
experience it is important for the consumer
to be adequately informed about the
cookies being placed, so that the consumer
can make a choice based on his informed
consent. Implementation of the Cookie
Directive across the EU has learned
however that the definition of (timing of)
‘consent’ is unclear across Member States.
Ecommerce
Europe
encourages
policy
makers to
develop a clear definition of
(timing of) consent
based upon industry
solutions. Any further confusion concerning
the
legislation
should
be
clarified
in
accordance with the recommendations
of all stakeholders,
such as the Article 29
Working Party.
10. Installation of supranational dialogue
bodies
Uniformity on a national, European and
global level on interpretation of rules and
the enforcement by the several supervisory
authorities on privacy, data collection and
data protection should create a level
playing field for the industry. This
starts
with self-regulation of the global online
industry.
Next
to
this
it
requires
7
 PDF to HTML - Convert PDF files to HTML files
1408302_0008.png
Ecommerce Europe
Rue de Trèves 59-61
B-1040 Brussels
Belgium
Tel. Office: +32 (0) 2 502 31 34
Fax: +32 (0) 2 514 37 22
Email:
[email protected]
URL:
www.ecommerce-europe.eu
Twitter:
@Ecommerce_EU