- Telefonica supports the EU's proposal to strengthen data protection laws but believes some measures could undermine the free flow of digital data and reduce competitiveness. - Specifically, the rules around transferring data to third countries are too rigid and should recognize international data transfers within company groups. Notifications to authorities about data transfers should also be limited. - The "right to be forgotten" raises issues if not limited for purposes like statistics, research, and legal reasons, and companies need flexibility on requests.

1. European data protection for the digital era
- Position Paper -
Summary :
An evolution of EU legislation is a necessity. Our company, Telefonica, support it but reports
certain points that require changes in the current project so as not to obstruct free competition
and economic efficiency of digital businesses in the European Union.
Introduction :
With globalization and digitization of the world, information and data flows have increased
exponentially, especially via social networks, cloud, and connected objects. In fact, in a few
years, digital practices of users, such as individual companies, have been revolutionized.
The European Union, it was shown at peak in the 1990s, voting Directive 95/46 / EC which for
the first time, protected personal data in governing their use. But a little over 15 years later,
Parliament took note of the overflow of the existing rules and the European Commission
proposed, on 25 January 2012, a comprehensive reform of the rules on personal data.
Our company, Telefonica, salute this Commission proposal, proposing to strengthen the control
of citizens on their data, increase the confidence of the latter in social media, e-commerce and
in their telecom operators.
We believe that this new legislation is going in the right direction. However, in the present state
of things, starting with a good feeling, various measures are counterproductive and may
undermine the free flow of digital data.
Data transfer to third countries :
the 1995 Directive, too rigid, leads to obstruct the free movement of digital data of European
companies. But the draft regulation does not solve the problem. Indeed, it proposes that in case
of request of a non-EC country, personal data transfer processed within the EU, the company
must receive permission from the National Authority for data protection, and more to inform
the person concerned.
From our point of view, the European Union should recognize the concept of "group of
companie” so that the international transfer of data within the same group of companies is
facilitated. It would produce a reduction of the administrative burden on European companies,
with the key to gain competitiveness.
Another important step would be to limit the obligation to notify the national data protection
agency about data transfers. The notification was never, and should not become, a basic

2. requirement, even if some European states have transposed the 1995 directive with a broad
interpretation. For example, in Spain, a notification is mandatory in all cases involving the
transfer of data, not only to a non-EC country, but also within the European Union and on
Spanish soil. This misinterpretation of the Directive has become a barrier to the free movement
of personal data, under Article 1.2 of the Directive.
Another problem of economic and political strategy is posed by the issue of transfer of personal
data to a third country. Indeed, GAFA (Google, Apple, Facebook, Amazon, ...), US companies,
are governed by US law on data. Thus, various digital sectors, such as cloud services that
Telefonica offers, are governed by two separate rights, leading to a de facto inequality and a
breach of free competition between companies. We wish for the good of the European Union,
its businesses and its citizens, the flattening of the legislation on digital data restore equality
between businesses.
The right to be forgotten :
The regulation being discussed plans to introduce a "right to be forgotten". Partisan freedoms,
Telefonica support recognition of individuals' rights over their data.
However, in a logic of free competition and economic efficiency, we would like to fixe some
limits when data are used for statistical purposes and scientific research, as for legal reasons. In
addition, a flexible delay should be granted to companies to study each request.
---
Stratégie :
Le 25 janvier 2012, la Commission européenne a déposé une proposition de règlement et de
directive concernant sa politique en matière de données numériques personnelles. Après une
phase de votes des commissions du marché intérieur, de l’industrie et de l’emploi, le délai pour
le dépôt des amendements en commission des libertés civiles était le 27 février 2013. Un
premier débat sur les amendements a eu lieu à partir du 20 mars et nous arrivons, début mai
2013, au deuxième débat sur ces amendements.
Dans cette phase, nous souhaitons nous rapprocher de la Europen Telecommunications
Network Association (ETNO) afin de gagner en influence et en efficacité. Surtout, nous allons
transmettre notre argumentaire au Rapporteur de la commission des libertés civiles, Jan Philipp
Albrecht (Verts, Allemagne). Celui-ci est plus attaché aux libertés civiles qu’à la liberté
d’entreprise : s’il est réfractaire à faciliter l’envoie de données personnelles à un individu, il
sera probablement favorable à légiférer afin de soumettre les entreprises américaines au même
droit que les entreprises européennes en matière de données numériques. De même, créer un
droit à l’oubli qui ait des limites à des fins de statistiques, de recherche scientifique et pour des
raisons judiciaires semble un bon compromis que le rapporteur devrait accepter.