Key political & regulatory institutions:

European Union (EU) - the four main decision-making bodies in the European Union are the European Commission, the European Parliament, the Council of the European Union and the European Council. ESOMAR, in cooperation with EFAMRO, monitors and reacts to developments from each of these powerhouses. Find out more about each institution below:

European Commission (EC) - The EC is managed by a President and a group of Commissioners from the 27 EU Member States  who are responsible for managing different portfolios. The Commissioners currently most relevant to market research are:

Vice-President Dr. Viviane Reding, is responsible for Justice, Fundamental Rights and Citizenship, including data protection.  The central piece of data protection legislation in the EU is the 1995 Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data which provides certain exemptions for the research industry.  Read more on recent news about Commissioner Reding’s and her views and insights on opinion polls research.

Vice-President Ms. Neelie Kroes, is responsible for the EU’s Digital Agenda policy which includes promoting the free movement of data around the EU and boosting the EU economy and overseeing how businesses manage and self-regulate themselves in the online space.  Commissioner Kroes has focussed on issues relating to online advertising but also web tracking practices more generally. The Digital Agenda prioritises the development of standards and promotes industry dialogue to help businesses adapt to emerging technologies such cloud computing.

The EC also has administrative services to design and implement day-to-day policies including advisory groups of Member State authorities. One such group of particular interest to the research sector is the Article 29 Working Party, which is comprised of representatives of Data Protection Authorities in the EU Member States. Although it issues influential opinions on how to promote the uniform application of EU Directives,  the EC is not obliged to take them on board.

European Parliament (EP) - Members of the European Parliament (MEPs) are elected by voters in the EU’s 27 countries. They often issue strong views on areas such as the requirement for opt-in for cookies, data protection, advertising to children and industry self-regulation, all of which are relevant to market research. The EP’s 20 policy committees hold an important position in that they provide influential guidance to the EC for the  introduction of laws or amendments of many of the joint EC/Council of Europe legislative proposals. ESOMAR monitors discussions in several such committees including:

  • Civil Liberties, Justice and Home Affairs (in charge of data protection issues)
  • Industry, Research and Energy
  • Internal Market and Consumer Protection
  • Culture and Education

Find out about the MEPs from your country and their interests relating to market research

The Council of the European Union brings together the relevant ministers from national governments for different themes of discussion at the EU level. For market research, ESOMAR monitors the Justice and Home Affairs Council and its related working parties for data protection related issues. The EC makes regular progress reports on new draft laws to the national Justice Ministers in this Council.

The European Council brings together the Heads of State of the Member States in the EU.

Other EU bodies and institutions - Forming part of the EU’s institutional structure, committees such as the Committee of the Regions which represents local authorities and the Economic and Social Committee, representing groups such as employers, employees and other civil society representatives, normally have a consultative or advisory role only.  However, the European Data Protection Supervisor, who is very influential in advising on policies and legislation that affect data protection and  privacy issues, cooperates with similar authorities within and outside the EU to ensure consistent data protection.

Council of Europe (CoE) - The CoE, not to be confused with the European Union, is based in Strasbourg (France) and consists of 47 member countries. The CoE seeks to develop common and democratic principles throughout Europe based on the European Convention on Human Rights (Convention) and other reference texts on the protection of individuals. It promotes democracy and protects human rights and the rule of law in Europe. The European Court of Human Rights rules on individual or State applications alleging violations of rights set out in the Convention. The CoE’s remit covers areas of significant importance to researchers including the promotion of legal standards in data protection and the freedom to conduct and publish opinion polls - particularly during elections - and. On opinion polls, Article 10 of the Convention on the freedom of expression is particularly important for researchers.

The CoE also promotes protection of the freedom to conduct opinion polls through its 2007 Recommendation of the Committee of Ministers on measures concerning media coverage of election campaigns.

The CoE work on processing an individual’s personal data was the inspiration for the 1995 EU Directive. Forty-three governments in Europe have acceded and ratified the CoE Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, although it is currently under review in parallel to the EU’s own review. ESOMAR will continue to closely follow the CoE work on profiling techniques.

Federal Trade Commission (FTC) - This US Federal Government agency ensures consumer protection and regulates competition between businesses in the United States. It has done high profile work on data privacy, including telemarketing and recently, the Federal Trade Commission (FTC) has embarked on an in-depth review of how it approaches regulation of personal data and consumer privacy in the online environment, following high profile data losses by several large companies and public entities.

There has been a remarkable increase in dialogue between the EU and FTC in recent years, as regulators in both regions strive to find a solution to global issues such as the massive increase in cross-border transfer of data. ESOMAR cooperates with CASRO and other parties to ensure that messages from the market research sector are properly aligned for regulators that look increasingly beyond their own national borders.

Asia Pacific Economic Cooperation (APEC) – APEC has been working since 2004 on common Privacy Framework Principles. Countries within the APEC region have adopted different privacy regimes each with varying requirements, with some having yet to fully consider policies on the protection of personal information.

A series of projects have been undertaken by APEC economies, through the APEC Data Privacy Pathfinder implementation process,  to develop a system of accountable cross-border data flows under the guidance of the APEC data privacy Framework Principles. This includes encouraging organisations to develop their own Cross-border Privacy Rules for data transfer.

An APEC Cross-Border Privacy Enforcement Arrangement (CPEA) was set up in July 2010. This provides the first mechanism in the APEC region for Privacy Enforcement Authorities to share information and provide assistance for cross-border data privacy enforcement. ESOMAR has alerted relevant associations in the region and will be liaising with them for further follow-up.

Organisation for Economic Co-operation and Development (OECD) - A forum of 34 countries exchanging information and developing standards through common policies, the OECD has led work on data privacy through its Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (introduced 1980), which provided a framework for EU and other regional work internationally. The OECD Working Party on Information Security and Privacy (WPISP) is looking to update the guidelines and is currently having a dialogue with policymakers globally to address wide divergence in standards for data protection in different countries. GPEN – the Global Privacy Enforcement Network (hosted by OECD), is comprised of thirteen privacy enforcement agencies around the world which joined forces in 2010 to facilitate cross-border cooperation in the enforcement of privacy laws.  The launch of GPEN implements a key provision in the 2007 OECD Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting Privacy.