IAPP Panel Discusses Next steps for Data Protection & Data Marketing

Brussels, Thursday 18 November – The Federation of European Data & Marketing (FEDMA) organised a high-level panel yesterday at the 2021 IAPP Europe Data Protection Congress in Brussels. Its topic was no less than the future of data-driven marketing in a growing world focused on privacy and data protection.

Copyright FEDMA

The panel, titled Data Marketing & Data Protection: What Happens Next?, was moderated by Asli Yildiz, Head of Legal at the DMA UK and composed of Karolina Mojzesowicz, Deputy Head of Unit Data Protection at the European Commission; Olivier Proust, CIPP/E, Partner, Privacy, Security and Information at Fieldfisher; and Sachiko Scheuing, CIPP/E, Co-Chairwoman, FEDMA and European Privacy Officer at Acxiom.

Below are some main takeaways from the session:

• Companies are pulling out of the EU due to the increasing difficulty to be compliant with the consent requirements (which tend to favour global gatekeepers) and layers of regulatory frameworks. Rather than over complexifying regulation, the solution should include a harmonised enforcement and a risk-based approach on a case by case
• The European Commission stands fully behind the GDPR, Codes of Conduct and the use of Legitimate Interest through the recital 47 if organisations observe the conditions of correct use of this legal basis, in particular by carrying out the appropriate assessments of the expectations and balancing test.
• The Digital Services Act and Digital Markets Act will provide additional transparency to the industry and clarify aspects of the possibility to pull data for some undertakings.
• The GDPR is a necessary and essential framework only to the extent that it is used properly by companies, which too often misunderstand consent as being the key legal basis, with a “silver bullet” effect, and overlook other basis which could apply such as legitimate interest depending on the context. Practioners must dialogue within companies to make proper assessments.
• A harmonised approach to enforcement is necessary
• Codes of Conduct are an essential feature of the GDPR, but their adoption and implementation are too lengthy and difficult. This leads to reluctance from industry sectors to pursue a code of conduct
• In an increasingly complex privacy environment, the focus of legislators must be on scalability instead of a one-size-fits-all approach. Practical and consistent guidance is needed from authorities.

Contact us for more insights.

Panel summary: The GDPR brought a unified legal framework for the Digital Single Market and the empowerment of data subjects. That much is clear. But as the EU upholds its privacy values and global competition increases, what will the data and marketing sector look like tomorrow with supervisory authorities making an example out of them and further legislation already on the horizon (ePrivacy, DSA/DMA)? Focusing on data and marketing, this panel discussed the interpretation of the lawful basis for GDPR most relevant for marketers (consent and legitimate interest) to understand how brands can still — legally — reach out to prospects and retain their customers. The panellists shared their point of view from an institutional, legal and industry perspective on the legacy of the GDPR, the upcoming proposals impacting data processing, the views of key DPAs on the matter and the future of data and marketing itself.