Page 23 - BIPAR Annual Report 2020_EN
P. 23
individuals that their right to privacy is synonymous with a in fostering a consistent application of the rules in the
right to anonymity. EU and encourages it to continue its work in preventing
fragmentation in the approach taken on the interpretation
The objective of the event was to seek stakeholders views of the GDPR by DPAs.
on the points they would like to see addressed in future - BIPAR mentions difficulties of its members in
guidelines on data subject rights. complying with requirements vis-à-vis data subjects that
are not part of the contracts.
Commission report on the GDPR - BIPAR mentions the difficulties of its members on
Just over one year after the entry into application of requesting explicit consent for processing health related
the GDPR, the European Commission published end of data in insurance contracts where the processing of
July 2019 a report looking at the impact of the EU data such data is necessary to be able to execute the contract
protection rules, and how implementation can be improved correctly. Different justifications under Article 9 GDPR are
further (link). In general, the report concludes that the being used across Member States for processing health
new data protection rules have achieved many of their data in an insurance context. BIPAR suggested that a more
objectives: Most Member States have set up the necessary harmonised approach would be useful.
legal framework and the new system strengthening the BIPAR would welcome further clarifications by EDPB on these
enforcement of the data protection rules is falling into notions including further examples of the determination
place. Businesses are developing a compliance culture, of controller/processor (e.g. in particular in relation to
while citizens are becoming more aware of their rights. At specialist service providers (insurance intermediaries)
the same time, convergence towards high data protection where they process personal data in accordance with their comprehensive and to foster innovation by being able to In its response to the Commission’s consultation on the
standards is progressing at international level. regulatory and/or professional obligations). adapt to different situations without being complemented future report on the GDPR evaluation, BIPAR explains that:
by sector-specific legislation. The EDPB underlines that
As far as the insurance sector issues are concerned, the Building on the 2019 July report, the Commission is the GDPR is fully applicable to emerging technologies and - The EU and in particular its GDPR, is today a
report refers several times to the expected to issue its report on the it will continue to elaborate on the impact of emerging global reference point for data protection rules. It is a huge
contribution from the European implementation of GDPR in June technologies on the protection of personal data. The EDPB achievement. The evaluation exercise that the European
Commission Multi-stakeholder 2020 (Article 97 GDPR). The aim will acknowledges that the implementation of the GDPR has Commission is currently carrying out of that key Regulation
Experts Group to the Commission be to assess the progress made been challenging, especially for small actors, most notably is important.
report. BIPAR is represented within after two years of application. The SMEs. After only 20 months of GDPR application, the EDPB - The insurance distribution industry has invested
that Group via SMEunited of which report is also expected to reflect takes a positive view of the implementation of the GDPR a lot of time and money to comply with the GDPR. Its
BIPAR is a member. The Expert the Covid-19 crisis reality (use of and is of the opinion that it is premature to revise the implementation has been and still is challenging for our
Group contribution includes many data to fight the pandemics). legislative text at this point in time. Rather than revising industry, especially for SME intermediaries.
of the points that were made by the GDPR itself, the EDPB calls upon the EU legislators, in - It is premature to reopen and amend the GDPR
BIPAR during the drafting of the For that purpose, the Commission particular the European Commission, to intensify efforts today as there is a lack of clear and comprehensive
paper. These points were prepared has to take into account the towards the adoption of an ePrivacy Regulation to complete experience in the application of the text. Any review of
after various consultations of BIPAR position of the Council of the EU the EU framework for data protection and confidentiality of the GDPR should lead to changes only where there is
members. and the position of the European communications. clear evidence of concrete benefits, based upon a strong
Parliament, but also other relevant economic rationale.
Among others, BIPAR key points sources, such as the European - It is important that the GDPR remains a flexible
(included in the Multi-stakeholder Data Protection Board (EDPB). and technology neutral framework and does not prevent
Experts group paper) are the innovation.
following: In its position published in - It is important that the upcoming report also
- BIPAR and its members February 2020, the EDPB explains reflects the Covid-19 crisis reality, and more in particular
value the importance of codes of that the application of the GDPR in the use of data to fight the pandemics, and addresses in
conduct in helping them comply this first year and a half has been this context issues such as the lawfulness of processing, the
with the GDPR. successful. The EDPB emphasizes core principles relating to the processing of personal data,
- BIPAR notes positively that the GDPR is a technologically the use of mobile location data and employment.
the achievements of the EDPB neutral framework designed to be
22 23
