Out-Law / Your Daily Need-To-Know

Out-Law News 1 min. read

Allow 'legitimate interest' data transfers, says European business lobby group

New EU data protection rules should allow businesses to make "incidental" transfers of personal data outside of the EU where they have a 'legitimate interest' in doing so, a lobby group of 20 European businesses has said.

The European Data Coalition, which includes Ericsson, Nokia, SAP and Volvo, said it supports proposals outlined by the EU's Council of Ministers and called on other EU law makers to do likewise.

"The European Union needs to align its goals with the reality of today’s digital world," the European Data Coalition said in an open letter (2-page / 413KB PDF). "ICT-systems are complex and composed of hardware and software parts from many different countries. Likewise, the expertise to create and maintain these different components is scattered around the world. Given this global dispersion of expert technicians and support personnel for specific products, applications and solutions for a system, it is paramount that we permit them to perform their work remotely, including from a third country. This is a basic requirement for system providers wishing to remain competitive in today’s global distribution value chains."

Under the Council's proposals, businesses would be able to transfer personal data outside of the EU if the transfer is "not large scale or frequent, is necessary for the purposes of legitimate interests" they are pursuing so long as those interests are "not overridden by the interests or rights and freedoms of the data subject".

Data transfers on this basis would only be permitted if businesses had also "assessed all the circumstances surrounding the data transfer operation or the set of data transfer operations and based on this assessment adduced suitable safeguards with respect to the protection of personal data".

"Others have mistakenly made the case that this clause risks lowering the level of protection currently provided under the EU acquis," the European Data Coalition said. "Such arguments, however, do not adequately account for the restrictiveness and the merit of the conditions under which this transfer mechanism would operate."

"Crucially, this derogation does not apply to: bulk or mass transfers of personal data; frequent small scale transfers of personal data; permanent transfers of personal data. Furthermore, the purpose of the transfers envisioned under the derogation are not to process or disseminate personal data but rather to enable support functions, troubleshooting or routine controls. For such functions, the transfer of personal data is purely incidental," it said.

The European Data Coalition said that "random, temporary and non-bulk transfers are necessary and do not pose unacceptable privacy threats". It said the 'legitimate interest' "transfer mechanism" is "desirable to achieve economic benefits such as stimulating EU based investments, competitiveness, job creation and EU based operations" and "does not contradict" the objective of "safeguarding EU citizens’ fundamental rights" through the implementation of the proposed new General Data Protection Regulation.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.