This is an HTML version of an attachment to the Freedom of Information request 'Data flows and DG Justice'.

Ref. Ares(2017)3875786 - 02/08/2017
FW: Meeting report -  Coalition of European Companies Data 
> Sent: Friday, February 13, 2015 7:01 PM 
BALTA Liene (CAB- 
> Cc: 
> Subject: Meeting report - Coalition of European Companies Data 
> With apologies for late circulation, please find the attached meeting 
> Best regards, 
> Bernd Martenczuk 
> ----------------------------------------------------- 
> Meeting Cabinet Timmermans and "Coalition of European Companies" on the 
Data Protection reform,  
Brussels, 2/2/2015 
> COM: 
> ·      Mr  Bernd Martenczuk (CAB VP Timmermans), 
> ·      
> Coalition representatives: 
> ·         
> ·         
> ·         
> ·         
> ·         
> The scope of the meeting was to convey the position of the "Coalition 
of European Companies"1 on the  
on-going revision of the EU's data protection framework. 
> The new functioning of the Commission was presented as well as the 
interactions between the services  
and the political level (new synergies and dynamics). The key objective 
for the revision of the data  
protection reform was also recalled (finalisation during 2015) by COM, 
and should include a meaningful  
> The members of the Coalition indicated their general support for a 
Regulation directly applicable to the  
private and public sector alike (instead of a Directive currently 
implemented in various ways in the 28  
MS). However, they pointed out to some issues of the Regulation which 
they judge of critical importance  
for the industries they represent.  The handed over a document setting 
out their key concerns  

> A critical point for members seemed to be the joint liability of 
controllers and/or processors (unless  
they prove that they are not responsible for the event giving rise to the 
damage). This aspect was  
perceived as "poor regulation" and not "in sync" with the business 
reality thus creating economic and  
legal risks for EU companies. The members of the Coalition did not 
acknowledge the advancements  
made in terms of clearer splitting of responsibilities between 
controllers and processors done both in the  
Commission proposal for a Regulation as well as in the Council partial 
general approach from October  
2014. COM representatives explained the reasoning behind joint liability 
as a major advantage for data  
subjects confronted with today's multi-facetted processing operations 
which make it very hard to  
distinguish between all the involved controllers and processors. In any 
case, that liability extended only  
towards the exterior, towards the data subject ("Aussenhaftung") and did 
not exclude recuperation  
between controller and processor. Similar concepts existed in EU and MS 
law and  had been applied in  
the COM standard contractual clauses for data transfers to third 
countries (e.g. clause 6 of COM decision  
> Other areas of concern/interest for the Coalition were the provisions 
concerning data protection  
impact assessments, and the one stop shop, which the coalition 
representatives deemed "key" for the  
> The more political message of the Coalition was a need to keep 
interests of European companies in  
mind in the negotiations of the Regulation and to ensure that the 
Regulation will not "block" their  
current business model and bring them a competitive disadvantage. 
> 1 The Coalition of European companies is made up of fifteen European 
organisations, from SMEs to  
global multinationals and NGOs operating in a variety of sectors, on a 
national, regional and global scale.  
They have an aggregated turnover of over € 100 billion and some 520,000 
employees worldwide (cf.  
attached document). 
> <Keep EU growing.pdf>