The Data Protection Regulation proposed by the European Commission contains important elements to facilitate and secure personal data flows within the Single Market. A harmonised level of protection of individual data is an important objective and all stakeholders have generally welcomed this basic principle. However, when putting the regulation proposal in the complex context in which it is to be implemented, some important issues are revealed. The proposal dictates how data is to be used, regardless of the operational context. It is generally thought to have been influenced by concerns over social networking. This approach implies protection of data rather than protection of privacy and can hardly lead to more flexible instruments for global data flows.
Elina Pyykkö is a Research Fellow at the European Credit Research Institute within CEPS, Brussels.