Legal: Orgalim input on the GDPR review and evaluation

Published: 12 June 2020

Policies & Issues: Legal

In light of the upcoming GDPR review and evaluation, foreseen for June 2020, Orgalim would like to share its views with the European Commission. Given that it has only been two years since the GDPR came into force, Orgalim does not see a need to modify it. We believe a revision at this stage would undermine legal certainty, vital to the functioning of our companies, and especially SMEs. Moreover, the precise impact of the GDPR still needs to be further analysed.

However, Orgalim would like to put forward the following recommendations:

  • Mixed data sets: increasingly, our companies process mixed data sets. For instance, machines collect data on machines’ performance and operations. Sometimes, this data also records how these machines are driven and used by the company’s workers. The ability to connect data to individuals constitutes a personal data dimension to a data set. The ability to use machine-generated data to the fullest extent is key for our companies, as this data is essential for predictive maintenance and resource optimisation, which links to meeting green targets. Therefore, we believe that a lighter process should apply to mixed data sets, rather than the full application of the GDPR. At least, the requirements of the GDPR should be very clear as to processing of these data sets. The European Commission guidance on this topic should be more flexible.

  • Innovation: Article 22 of the GDPR has been interpreted as a general prohibition on automated decision-making. This could hamper innovation and put a halt to Europe’s ambitions to lead in AI. In this respect, the existing European Data Protection Board (EDPB) guidelines on automated decision-making should be revised so as to enable automated decision-making.

  • SMEs: We would like to see EU guidelines specifically aimed at helping SMEs with their GDPR compliance. In particular, the extent of some obligations for SMEs (for example, the recording of processing activities and the need to appoint a Data Protection Officer) should be clarified. Up to this point, the requirements and cost of compliance have in many cases exceeded the benefits for SMEs. The EDPB should try to create more clarity – especially on requirements for industrial SMEs processing only necessary data related to employees and customers.

  • Harmonisation: Full harmonisation is needed in order to prevent fragmentation of the internal market. In line with the spirit of the GDPR, the EDPB’s coordination role should be strengthened. This is necessary to avoid instances where Data Protection Authorities in the EU Member States provide diverging national interpretation and guidance, and enforce the GDPR differently, thereby creating problems for our companies.


Authors

Silvia Selandari
Senior Adviser - Trade and Legal
