Potential delay on Data Protection regulation could affect cosmetic consumers

With the European Parliament and member states logging heads on various issues, analysts reckon imposing the new Data Protection Regulation Act could be delayed, meaning personal data could be exposed.

The legislation affects any business or organisation that gathers, processes or stores personal data. Due to come into effect early this year, the regulation is designed to unify and simplify data protection in Europe.

As more cosmetic brands moved into the digital space to engage with shoppers in the last 5 years, consumers have been increasingly required to provide personal details to access the likes of make-up tutorials, competitions, databases to match products to their skin or when purchasing products online.

The delay in this legislation could mean customer data archived in cosmetic company portfolios could be accessed by US authorities for example.

Holding things up..

According to German Green MEP Jan Philipp Albrecht, the vice-chairman of the Parliament's civil liberties committee; issues surrounding informed consent for the use of data, sanctions, privacy by design and red tape remain sources of friction between the European Parliament and member states.

He tells political affairs watchdog EurActiv that Germany, France and the UK have been holding up negotiations around the regulation.

"Germany and France are both sensitive to the idea that data issues could be decided in the smaller member states with less established data protection traditions,"  Albrecht reports. 

What the regulation will do, once in place

The GDPR will help by clarifying the responsibilities of organisations relating to the data they handle and store, making it easier for EU and non-European companies to comply and avoid penalties.

It now contains measures to protect the personal data of European citizens. Any company or organisation sending personal data outside the European Union without permission could face significant fines of up to €100m or up to 5% of worldwide turnover if found to be in breach of its rules.

The call for the new regulation follows a scandal involving a US cyber espionage programme PRISM, whereby the American National Security Agency (NSA) was receiving information from large internet companies about their European customers.