Keep up to date with our blog articles, latest news and industry developments. See below for the latest posts or use the category listings to hone your search for stories of interest.
European Data Protection Supervisor supports proposed Directive to prevent personal data being used as payment for digital content
Proposed Directive would apply to music streaming and similar services.
The European Data Protection Supervisor, Giovanni Buttarelli (EDPS), has published an opinion expressing his support for aspects of the proposed EU Directive on contracts for the supply of digital content (proposed Directive).
The proposed Directive aims to harmonise laws across the European Union in relation to the supply of digital content such as the streaming of music. It sets out minimum standards with which suppliers of digital content must comply when supplying to consumers, but does not apply to business to business transactions.
The supply of digital content to consumers in exchange for personal data is prohibited by the proposed Directive, unless the personal data has been collected for the sole purpose of meeting legal requirements.
The EDPS has therefore welcomed the proposed Directive’s aim of avoiding the fundamental right to data protection becoming a commodity. Furthermore, the EDPS has warned that the proposed Directive should not interfere with the information rights secured by the incoming General Data Protection Regulation (GDPR).
“When something online is free, you’re not the customer, you’re the product” has become a cliché, but whilst such a business model is attractive to some tech businesses, treating personal data as merely a marketable commodity runs entirely contrary to the EU’s approach most recently exemplified in the GDPR.
Concerns in relation to personal data becoming a commodity have arisen in relation to new technologies such as personal information management systems (see our previous blog posts here).
It is not yet clear whether the proposed Directive will take effect in the UK as, if approved, it is likely to be implemented after the UK has left the EU (subject to any transitional arrangement). It remains to be seen to what extent the UK’s regulatory regime will diverge from the EU following Brexit, but to trade more easily with the European member states, the UK Government may decide to align UK consumer law with the European requirements. As we have previously noted, the GDPR’s extraterritorial application means that UK businesses offering goods or services to the EU will be regulated in any event.
The EDPS opinion can be read in full here.
You can read our previous blogs on data protection and the GDPR here.
This blog post was written by Amelia Day, trainee solicitor at White & Black.
Disclaimer: This article is produced for and on behalf of White & Black Limited, which is a limited liability company registered in England and Wales with registered number 06436665. It is authorised and regulated by the Solicitors Regulation Authority. The contents of this article should be viewed as opinion and general guidance, and should not be treated as legal advice.