The Global Privacy Alliance (GPA), a group of US companies
including IBM, Oracle, VeriSign and General Motors, has said that
EU data protection laws should be more relaxed. The GPA complains
that current privacy legislation inhibits the free flow of
information between businesses and that a “simpler approach would
allow data protection authorities to focus on real threats to
privacy.”
These comments were contained in a position paper that the GPA
submitted to the European Commission, as part of a consultation on
the implementation of the 1998 Data Protection Directive.
In its paper, the GPA suggests that transborder data flows
should be simplified and “better facilitated” through industry
self-regulation and codes of conduct.
The GPA also points out that the Directive “fails to provide
sufficiently clear and workable criteria for determining the legal
regime applicable to data processing activities”, and claims that
the risk of “simultaneous application of several different regimes”
increases the costs of compliance.
The GPA further believes that the application of the Directive
to internet-only contracts from outside the EU is “unworkable”, and
that Member States’ data protection laws should not apply based
solely on accessibility by an individual to a web site.
Finally, the GPA finds that EU law makes it “extremely
time-consuming, expensive and burdensome” for US companies to store
business data of European citizens, and suggests that only “truly”
personal data and not business contact data should fall within the
scope of the Directive.
The GPA comments will feed directly into the European
Commission’s data protection conference, which will finish later
today.
