“…simplicity and flexibility are key…” if the new EU Regulation is to work as a long term framework for the protection of privacy rights, according to the European Data Protection Supervisor (EDPS).
The EDPS strongly advocates a simple and clear text to enable controllers to easily understand their obligations, and its’ proposed text is 30% shorter than existing drafts and emphasises the need for clear definitions; for data processing to have a clear legal basis and be purpose limited; and for the future of data protection legislation to avoid “micromanagement of business processes” which “risks being outdated”.
The EDPS suggest that any gaps should be filled by “accountability and guidance from data protection authorities”. This of course raises the prospect of the possibility of lack of clarity but on the positive flip side this approach would mean that the legislation is to an extent future proofed by allowing flexibility.
The EDPS opinion is of course non-binding but for anyone interested the EDPS have made their opinion available as a mobile app!