UNI Europa feedback on the EU Commission proposal on a framework for the free flow of non-personal data in the EU (2nd Data Package)
Whilst UNI Europa acknowledges the potentials and value of data, we find the 2nd Data Package problematic, unclear and ultimately obsolete on the following grounds:
- Clear definitions to core concepts are lacking: for example, what is non-personal data, and what does the proposal mean by ‘data processing’?
- It is all too clear from experts in the fields of data, data processing and algorithmic design that the very distinction between personal and non-personal data is more of a political issue than a technical one.
- Computer science has shown that non-personal data can be linked and tracked back to individuals, and that de-identified data can be re-identified. Put differently, most data can be made personal depending on the identifiers and data sets used.
- The line between PII (personal data) and non-PII (non-personal data) is not fixed but rather depends upon technological developments and new uses of technology.
- Indeed, in 2010 already, the US Federal Trade Commission, the FTC, acknowledged “the blurring of the distinction between personally identifiable information and supposedly anonymous or de-identified information”.
- Furthermore, taking into account the fact that, in practice, most data sets held by companies are ‘mixed’, i.e. they contain both personal and non-personal data, which cannot be easily separated, and that both the provisions of the General Data Protection Regulation (GDPR) and the 2nd Data Package, if adopted, would have to be applied, this EU legislative proposal will lead to an unnecessary compliance burden, adding complexity rather than removing it.
- The 2nd data package allows for the possible undermining of the GDPR and a breach of fundamental rights.
Thus, for legislative clarity and to avoid grey zones and insecurity, UNI Europa recommends:
a) That the precautionary principle as detailed in Article 191 of the Treaty on the Functioning of the European Union is applied,
b) That this legislative proposal is rejected and,
c) That the provisions in the GDPR are applied to all forms of data.
Further details on the UNI Europa position can be found below and is available for download.
For further information, please contact Christina Colclough at Christina.Colclough@uniglobalunion.org