![Default Article Featured Image_laptop-newspaper-global-article-090623[95].jpg](https://images.contentstack.io/v3/assets/bltd4dd5b2d705252bc/blt61f52659e86e1227/64ff207a8606a815d1c86182/laptop-newspaper-global-article-090623[95].jpg?width=3840&quality=75&format=pjpg&auto=webp)
The Senate, in its European resolution of March 6, welcomes the objective of harmonization of data protection rules as well as additional guarantees, such as the right to be forgotten, data portability, limits to profiling activities and a mandatory data protection officer.
However, the Senate considers that these guarantees must be strengthened. An automatic deletion of indexed personal data after a certain time should be required from search engines. Moreover, data subjects should have the right to ask for the deletion of damaging contents, in compliance with the right of freedom of speech. The IP address should be characterized as personal data each time it is used to identify an individual. Also, the appointment of a data protection officer should be mandatory for companies whose main business consists in carrying out data processing activities.
Besides, the Senate points out the measures raising concerns with respect to the level of data protection in the European Union:
- The prominent powers of the European Commission concerning the application of the European regulation and the residual role of member states and Data Protection Authorities (DPAs) are challenged by the Senate. This operating mechanism is considered as not being in line with the objective of ensuring a high data protection level within the European Union. The Senate claims for member states to have the possibility to enact rules more protective than the European regulation when necessary ;
- The rule of the jurisdiction of the DPA of the main establishment, when a company located in the European Union carries out data processing in different member states, is considered as protective only for companies but not for individuals, who will be deprived of the benefits of having their claim handled by the DPA of their own country;
- The requirement for a DPA to have a reasonable reason to suspect that a data controller is in breach, for investigating is considered as inappropriately limiting the DPA’s investigation power. Indeed, investigating will be the only way for DPAs to verify compliance of data processing when companies will be exempted from prior formalities with the DPA.
This European resolution is globally in line with the resolution
in February by the National Assembly.
