Legal: Orgalim input on the GDPR review and evaluation

Published: 12 June 2020

Policies & Issues: Legal

In light of the upcoming GDPR review and evaluation, foreseen for June 2020, Orgalim would like to share its views with the European Commission. Given that it has only been two years since the GDPR came into force, Orgalim does not see a need to modify it. We believe a revision at this stage would undermine legal certainty, vital to the functioning of our companies, and especially SMEs. Moreover, the precise impact of the GDPR still needs to be further analysed.

However, Orgalim would like to put forward the following recommendations:

  • Mixed data sets: increasingly, our companies process mixed data sets. For instance, machines collect data on machines’ performance and operations. Sometimes, this data also records how these machines are driven and used by the company’s workers. The ability to connect data to individuals constitutes a personal data dimension to a data set. The ability to use machine-generated data to the fullest extent is key for our companies, as this data is essential for predictive maintenance and resource optimisation, which links to meeting green targets. Therefore, we believe that a lighter process should apply to mixed data sets, rather than the full application of the GDPR. At least, the requirements of the GDPR should be very clear as to processing of these data sets. The European Commission guidance1 on this topic should be more flexible.

  • Innovation: Article 22 of the GDPR has been interpreted as a general prohibition to automated decision-making. This could hamper innovation and put a halt to Europe’s ambitions to lead in AI. In this respect, the existing European Data Protection Board (EDPB) guidelines on automated decision-making should be revised so as to enable automated decision-making.

  • SMEs: We would like to see EU guidelines, specifically aimed at helping SMEs with their GDPR compliance. In particular, the extent of some obligations for SMEs; for example, the recording of processing activities, and the need to appoint a Data Protection Officer, should be clarified. Up to this point, the requirements and cost of compliance have in many cases exceeded the benefits for SMEs. The EDPB should try to create more clarity – especially on requirements for industrial SMEs processing only necessary data related to employees and customers.

  • Harmonisation: Full harmonisation is needed in order to prevent fragmentation of the internal market. In line with the spirit of the GDPR, the EDPB’s coordination role should be strengthened. This is necessary to avoid instances where Data Protection Authorities in the EU Member States provide diverging national interpretation and guidance, and enforce the GDPR differently, thereby creating problems for our companies.

Please download the full position above.

Authors

Selandari
Silvia Selandari
Senior Adviser - Trade and Legal

Related Position Papers

Legal: Join Statement for Product Liability Directive (PLD) trilogues [20 October 2023]

Green Transition: Joint Business statement on the Corporate Sustainability Due Diligence Directive (CS3D) [30 May 2023]

Legal: Joint Industry Statement on the Product Liability Directive [16 May 2023]

Legal: Orgalim comments on the Legislative Proposal for a Directive on AI liability [7 March 2023]

Legal: Orgalim comments on the Legislative Proposal for a Directive on liability for defective products [7 March 2023]

Green Transition: Joint Business Statement on the due diligence proposal (CS3D) [19 January 2023]

Legal: European business community calls for the rapid ratification and entry into operation of the Unitary Patent System [13 October 2021]

Legal: Orgalim comments on public consultation on the Product Liability Directive [2 August 2021]

Legal: Orgalim contribution to the European Commission IPCEI Consultation [23 April 2021]