Renew Europe MEPs demand EU privacy certificate for digital products in their letter to European Commissioners Thierry Breton and Didier Reynders.

In large parts of the world, social-distancing measures were put in place to combat the coronavirus outbreak. Since home-office is the new normal, video conferencing apps are widely used to keep in touch with colleagues and help many organisations to provide much needed business continuity.

We know most of those apps and online services are not safe in terms of privacy, yet we use them, as they offer good services. Together with countless consumer organisations, the Renew Europe Group expects that any digital product or service offered on the European market should be safe and respecting our privacy. That's why Renew Europe MEPs decided to write to the European Commission to examine the use of unsafe applications as regards data protection and privacy, particularly during this corona crisis, and ask the EU executive to establish an EU privacy certificate for trust in the Digital Single Market. Read their letter below.

Brussels, 2 April 2020

Dear Commissioner Mr Thierry Breton,
Dear Commissioner Mr Didier Reynders,

Since the start of the corona crisis, people are having recourse to different (new) digital services and products, for example video conferencing and health applications. Following reports from consumer organisations, many of these applications present concerns in terms of privacy and data security, for example Zoom. However, as these applications offer convenient services, people continue to use them.

People can of course file a complaint with data protection authorities about the privacy and data security issues, but this puts the burden on the individual consumer and is a cumbersome procedure, which does little to protect privacy and data security in the short term. In the meantime, millions of people are using these digital services and products every day.

For many products we use in daily life, we expect and can rely on the safety standards set by the authorities in order to protect consumers. By way of analogy, when we buy a car, we do not need to run our own check of the car, to see if it is safe. We can expect it to meet all the safety standards. We expect that the authorities carry out checks and enforce the rules if car producers and sellers do not deliver safe cars. The same applies to food, toys, and tools inside and outside the house. Consumers do not give it as second thought anymore, as they trust the authorities to enforce the safety standards.

However, when it comes to digital services and products, it seems that the authorities so far leave it up to individual consumers to take on large companies, in order to challenge unsafe products and services.

While we are aware that the Cybersecurity Act does provide for an EU certification as to cybersecurity, ENISA’s work on cyber certificates is still only at an early stage and is not yet prioritising digital services most used. Moreover, the Cybersecurity Act does not specifically address the data protection and privacy aspects of digital services and products, and therefore these must be addressed outside this framework. The GDPR explicitly foresees the possibility to establish data protection certification mechanisms and data protection seals and marks, in order to show compliance with EU data protection and privacy standards.

Against this background,
- Is the Commission aware of digital services and products violating EU data protection law, particularly during this corona crisis?
- Does the Commission agree that trust in the use of digital services and products, particularly during this corona crisis, is vital for citizens’ trust in the EU Digital Single Market?
- Does the Commission agree that digital services and products offered on the European market must be safe, and therefore be checked, especially if many people are using them?
- Will the Commission consider proposing and encouraging the establishment of a certificate showing consumers that EU privacy and data security standards are met?

Kind regards,

Sophie in ‘t Veld, Abir Al-Sahlani, Malik Azmani, Dita Charanzová, Olivier Chastel, Anna Donath, Fabienne Keller, Moritz Körner, Ondřej Kovařík, Nathalie Loiseau, Karen Melchior, Jan-Christoph Oetjen, Maite Pagazaurtundúa, Morten Petersen, Ramona Strugariu, Dragoş Tudorache, Hilde Vautmans