Data Privacy Protection in The EU

Privacy is becoming one of the central debates of our time. Technological and commercial developments have strengthened companies’ ability and incentive to gather, manipulate and trade personal data. Because personal data are a type of asset for many companies, in time, personal data may well become a competition issue. Concentration concerns could exist if a company has exclusive access to personal data in a given market.

To visualize it more we can look at a number of recommendations to Google by the French data protection authority, the CNIL, that examines Google’s compliance with European data protection law.
Recommendations:

• That Google enhance its notices to users by becoming more specific about what types of data Google processes and combines, and for which services; by introducing new interactive privacy notices; by adding more in-product and product-specific privacy information; and so on.

• That Google simplify the various opt-out mechanisms that it provides to users, and to make them available in “one place”;

• That Google obtain explicit user consent for the combination of user data for certain purposes.

We can point to data portability as another area that could fall under competition regulators’ purview, if customers were prevented from switching from a company to another because they cannot carry their data along. Data portability is currently a significant issue of contention in Europe, in part because the proposed Data Protection Regulation would grant data subjects the right to obtain and export data in a standardized format. Some companies in the IT sector oppose the proposed right to data portability on the ground that lock-in should not be treated as a data privacy issue, and should instead be dealt with under competition rules.

 

Sudi Nour