study published 22 September 2015 criticises the EU’s development of its Digital Single Market (‘DSM’) strategy for being overly commercially and economically driven, with little attention to the key legal and social challenges regarding privacy and personal data protection. The development of the DSM should not be at the expense of individuals’ privacy rights, say the authors. The study was commissioned by the European Parliament’s Civil Liberties, Justice and Home Affairs Committee.

The DSM strategy was unveiled earlier this year and is aimed at removing regulatory barriers so that digital services can operate seamlessly throughout the EU. However, despite promises made by the Commission and DSM Vice President to review the interplay between the e-Privacy Directive (2002/58/EC) and the DSM, the study finds that the strategy downplays the complexity of issues such as data anonymisation and minimisation in Big Data.

The study urges those engaged on reforming EU data protection by means of the proposed General Data Protection Regulation (‘GDPR’), to focus on strengthening the rights of ‘digital citizens’, noting that as far as Big Data, smart devices and the Internet of Things, there are potential gaps in protection in the draft GDPR, including around:

  • Transparency and information obligations on data controllers
  • Consent (including consent in case of ‘repurposing’ the use of personal data)
  • Balancing public interest against individuals’ interests for legitimising personal data processing
  • Regulating the profiling of individuals
  • Safeguarding digital rights in case of data transfers to third parties and third countries

The authors recommend that more should be done to require data controllers to protect the Fundamental Rights of ‘digital citizens’, and that the GDPR should not offer any lesser protection or guarantees than under the current EU data protection regime. The GDPR is expected to be finalised during 2015.