Ref. Ares(2017)3875818 - 02/08/2017
FW: FLASH: meeting with Bavarian business representatives
Wednesday, October 14, 2015 11:53 AM To:
O'CONNELL Kevin (CAB-JOUROVA);
FLASH: meeting with Bavarian business representatives
In a "breakfast" meeting with Bavarian business representatives,
, and representatives of the PRES
and the DE Ministry of the
this morning, main issues have been:
One-stop-shop: highly welcomed to have one single locator of businesses, based on the
same law and – as ensured by the consistency mechanism – on a common approach of
DPAs. Businesses made good experience with the Bavarian DPA, which would give them
Pseudonymisation: several representatives questioned whether the obligations of the
Regulation should fully apply for "pseudonymous data".
advocated very strongly for
"pseudonymous data" as a third category of data, beyond personal data and anonymous
data, in order to be open for "globalised developments"; he even saw the fundamental
right to the protection of personal data as "outdated" in the light of the developments
and potentials in the digital economy. The requirement of "consent" would be too
pointed to the legitimate interest ground, which would give a broad range of
application without requiring consent, as long as covered by "reasonable expectations"
of the data subject. As regards the definition of "personal data" he stressed the
condition of "reasonable means" to identify the individual, so that e.g. IP addresses
should not in all circumstances be considered as personal data.
The PRES representative pointed to the need to keep the Regulation technological
sees the DE approach in the Council, which has not been shared by
the majority there, as a "middle path".
Data protection in the employment sector: Businesses criticised the opening clause for
the employment sector. They are requesting a harmonised approach but with flexibility
for the companies. The misunderstanding that COM would be aiming to exclude
"consent" from the application in the employment sector in general, could be clarified.
Health data: the insurance industry, supported by
, reiterated their request
from for introducing the possibility of a contract for processing sensitive data instead of
relying on "explicit consent", as it is the case under the 1995 Directive.
International transfers: request for a common approach of DPAs on the consequences of
the safe harbor judgment in order to provide legal certainty. Very important in particular
of the costs invested, that BCRs approved under the 1995 Directive will remain valid
after the entry into force of the Regulation.
pointed to the appropriate
safeguards as set out in the draft Regulation including BCRs and codes of conduct, which
must be seen in the light of "the corridor of the judgment".