This is an HTML version of an attachment to the Freedom of Information request 'Data flows and DG Justice'.

Ref. Ares(2017)3875818 - 02/08/2017
FW: FLASH: meeting with Bavarian business representatives 
Sent: Wednesday, October 14, 2015 11:53 AM 
Subject: FLASH: meeting with Bavarian business representatives 
In a "breakfast" meeting with Bavarian business representatives, 
, and representatives of the PRES 
 and  the DE Ministry of the 
 this morning, main issues have been: 
One-stop-shop: highly welcomed to have one single locator of businesses, based on the 
same law and – as ensured by the consistency mechanism – on a common approach of 
DPAs. Businesses made good experience with the Bavarian DPA, which would give them 
clear advice.   
Pseudonymisation: several representatives questioned whether the obligations of the 
Regulation should fully apply for "pseudonymous data". 
 advocated very strongly for 
"pseudonymous data" as a third category of data, beyond personal data and anonymous 
data, in order to be open for "globalised developments"; he even saw the fundamental 
right to the protection of personal data as "outdated" in the light of the developments 
and potentials in the digital economy. The requirement of "consent" would be too 
 pointed to the legitimate interest ground, which would give a broad range of 
application without requiring consent, as long as covered by "reasonable expectations" 
of the data subject. As regards the definition of "personal data" he stressed the 
condition of "reasonable means" to identify the individual, so that e.g. IP addresses 
should not in all circumstances be considered as personal data.  
The PRES representative pointed to the need to keep the Regulation technological 
 sees the DE approach in the Council, which has not been shared by 
the majority there, as a "middle path". 
Data protection in the employment sector: Businesses criticised the opening clause for 
the employment sector. They are requesting a harmonised approach but with flexibility 
for the companies. The misunderstanding that COM would be aiming to exclude 
"consent" from the application in the employment sector in general, could be clarified.  
Health data: the insurance industry, supported by 
, reiterated their request 
from for introducing the possibility of a contract for processing sensitive data instead of 
relying on "explicit consent", as it is the case under the 1995 Directive.  
International transfers: request for a common approach of DPAs on the consequences of 
the safe harbor judgment in order to provide legal certainty. Very important in particular 

of the costs invested, that BCRs approved under the 1995 Directive will remain valid 
after the entry into force of the Regulation. 
 pointed to the appropriate 
safeguards as set out in the draft Regulation including BCRs and codes of conduct, which 
must be seen in the light of "the corridor of the judgment".  

Document Outline