EU DPAs want wide definition of personal data

The EU Art.29 Data Protection Working Party says that it is necessary to adopt a broad definition of personal data in the proposed EU DP Regulation framework. The group suggests that identification numbers, location data, online identifiers or other specific factors should, as a rule, be considered as personal data. The current wording in the proposals states that these types of data need not necessarily be considered as personal data in all circumstances.

In its recent opinion on the proposed EU DP framework, the group defends the concept of ‘explicit consent’ and stresses that when consent is relied on, it needs to be of a high standard.

On the large number of delegated acts, the DPAs say that some issues could be incorporated in the text of the Regulation itself, or a recital (the preliminary statements of purpose), or left to national legislation, or guidance by the DPAs.

Discussions on the reform package are on-going both in the European Parliament and the Council. The EU DPAs welcome the steps undertaken by the Cypriot Presidency of the Council meant to reinvigorate discussions in the Council Working Group dealing with the reform.

Member States have been sent a questionnaire regarding delegated and implementing acts, administrative burden and the degree of flexibility in data protection rules deemed necessary for the public sector. The responses were expected by 4 October.

The European Parliament’s LIBE Committee (Committee on Civil Liberties, Justice and Home Affairs) held meetings with representatives of national parliaments on 9-10 October, and is expected to issue a draft report by the end of the year.

See the DP Working Party’s Opinion, adopted 5 October.

Read more about this topic in the December issue of Privacy Laws & Business International Report.