With the trilogue negotiations of the GDPR coming to a crucial phase we are writing you on behalf of tech startups to make our voice heard in favour a data protection framework that helps building trust, protecting the privacy for EU consumers and enables innovation and growth of the economy.

Over 60% of the economic growth in the EU between 1995-2007 is due to innovation, and disruptive innovation is disproportionately driven by young, technology-intensive companies like startups. But startups still face considerable hurdles in a fragmented European Market which in many cases cap innovation and drive successful startups away from Europe rather than allowing them grow here.

We share the view that a harmonised framework will have immense benefits for European consumers and businesses. In order to achieve the full potential of this harmonisation it is however crucial to implement a real one-stop-shop and avoid possible erosion of this principle by the data protection board which may create legal uncertainty the way it its currently drafted. Startups and scaleups should be able to access their local national data protection authorities and contribute to innovative one-stop-shop regimes for giving consent. Too many privacy options are often accepted “by default” without real awareness by users and startups could contribute to the evolution of privacy consent systems.

In today’s data-driven society, we need to understand that data flows are changing and that it is difficult and sometimes impossible to fulfil purpose with conventional instruments. Especially with regards to big data which presents an even larger challenge. The treatment of data as a physical good can create a false impression of privacy. Explicit consent does not increase data protection but creates fatigue and a false impression of data protection, unambiguous consent represents a realistic solution. Rather than push for complicated data protection provisions we urge you to advocate for less complex rules that embrace data flows. Policies should therefore provide for increased transparency and trust in digital services as well as an ease of use for entrepreneurs and startups that will promote economic growth.

Considering this it is all the more crucial that the purpose of data protection legislation, to create a harmonised, technology-neutral and modernised ruleset for the EU, is achieved.

Here are the principles that we believe should be reflected throughout privacy legislation:

• A nuanced and context-related definition of data protection
• Treat data as flows, not as a static commodity
• Maintain legitimate interest to allow further processing of data
• Allow Europe’s startups and scaleups to compete globally with personalised services
• Increase transparency in order to increase trust rather than overload consent
• Consider the impact and the administrative burden of regulation for startups, in particular avoid compulsory DPOs and new risk assessment audits
• Allow data to flow freely and safely across borders
• Ensure fair liability between processors and controllers
• Ensure a future-proof and technology-neutral legislation
• Enable innovation through data portability and smart disclosure

In the context of the Digital Single Market with a projected 415 billion Euro growth for the European GDP we must ensure that our approach to data considers innovation.

A one-size-fits-all approach in legislation often overburdens startups and scaleups, with regard to the recent ECJ judgement on Safe Harbor it is deplorable to see that the additional burden to negotiate standard data protection clauses or binding corporate rules, weighs heaviest on startups and scaleups whereas large corporations easily fulfil these requirements criteria.

We are looking forward to further providing input to your valuable work and thank you for your kind consideration.

Kind regards,

• Guy Levin, Executive Director, Coadec, United Kingdom
• Virginie Lambert-Ferry, Campaign Director, France Digitale, France
• Gianmarco Carnovale, Chairman, Roma Startup, Italy
• Petra Dzurovčinová, Executive Manager, Sapie, Slovakia
• Socratis Ploussas, President Hellenic Startup Association, Greece
• Bastiaan Zwanenburg, Managing Director, Young Creators, Netherlands
• Simon Schaefer, Factory Berlin, Germany
• Carmen Bermejo, Spanish Startup Association, Spain
• Eliza Kruczkowska, Startup Poland, Poland
• Christian Walther Øyrabø, Chairman, Danish Entrepreneurs Association, Denmark
• Ricardo Marvão, Co-founder and Board Member, Beta-I, Portugal
• Veronika Pistyur, CEO, Bridge Budapest, Hungary
• Melissa Blaustein, Founder, Allied for Startups
• Lenard Koschwitz, Director European Affairs, Allied for Startups