Lawfulness Requirements to the Storage of Customer Data in the Digital Product Passport
Keywords:
Digital Product Passport, Ecodesign Regulation, Data Protection, Customer Data, Explicit Consent, ne bis in idemAbstract
With the advent of the Digital Product Passport (DPP), introduced in the Ecodesign for Sustainable Products Regulation (ESPR), information concerning various aspects throughout a product’s value chain – from design to disposal – is to be made available in the future. This pursues the goal of promoting the establishment of a so-called circular economy in the European Union. The possibility of processing personal data within a DPP raises data protection issues, particularly concerning the lawfulness of storing customer data. Challenges arise especially in connection with the interpretation of the terms “explicit consent” and “customer” in Art. 10(1)(e) ESPR, as well as concerning the identification of the applicable sanctions in case of a violation of this article, in particular in view of the principle ne bis in idem. The paper at hand discusses these issues and proposes respective solutions.
