EU data protection rules 'on schedule' despite delay
By Benjamin Fox
Despite not having begun formal deliberations in committee, the European Parliament is on course to define its position on the EU's new data protection regime by mid-2013, according to data privacy expert Sophie In't Veld.
Speaking with EUobserver, the Dutch Liberal MEP, who chairs the European Parliament Privacy Platform and is among the assembly's leading authorities on data privacy, confirmed that MEPs were "on schedule".
Dear EUobserver reader
Subscribe now for unrestricted access to EUobserver.
Sign up for 30 days' free trial, no obligation. Full subscription only 15 € / month or 150 € / year.
- Unlimited access on desktop and mobile
- All premium articles, analysis, commentary and investigations
- EUobserver archives
EUobserver is the only independent news media covering EU affairs in Brussels and all 28 member states.
♡ We value your support.
If you already have an account click here to login.
German Green MEP Jan Philip Albrecht has the difficult task of piloting the regulation - described by In't Veld as "one of the most complex pieces of legislation in my career" - through parliament.
Albrecht is expected to table his draft report to the assembly's Civil Liberties committee in January 2013, with some concern that any further delays could prevent the bills being completed by the European elections in 2014.
Under the parliament's rulebook, legislation which is not approved before the end of the legislative term automatically fall. But In't Veld said Albrecht was "doing a good job" in keeping the timetable on schedule. The political groups have a "united position on most of the main issues" in the package, she added.
Justice Commissioner Viviane Reding tabled the proposals in January. Alongside measures to increase individual control over personal data, are sanctions, including fines, for non-compliance. The parliament has to yet to give its opinion.
The proposals include steps to allow individuals to control the use of their data and to tighten rules on data transfers to businesses and governments outside the EU.
Only organisations that sign up to "safe harbour privacy principles" would be able to have access to the personal data of Europeans, along with a handful of countries whose data protection laws are deemed to be "adequate".
Speaking at the annual European Data Protection and Privacy conference on Tuesday (4 December), US ambassador to the EU, William Kennard, called for the US to be given "adequate status."
But In't Veld says MEPs are unlikely to back down on tightening the rules on third country data exchange. "How can there be exchange of information if we don't know what is will be used for?", she asks, adding that data protection provisions are "a precondition for the exchange of data."
US government officials have also made a concerted lobbying effort to water down the provisions.
Speaking at a European Parliament debate in October, US deputy assistant attorney general, Bruce Swartz, told MEPs that the requirement for the renegotiation of international treaties within five years as well as those on data transfer rules would "cripple international investigations."
He added that the draft directive would make it "virtually impossible for EU member states to enter into bilateral agreements on law enforcement."
In't Veld says government ministers are the main roadblock to reform, and are attempting to weaken the new regime by transferring provisions from the regulation, which must be rigidly enforced, to the minimum harmonisation directive.
A number of governments are insisting that the regulations, which already exempt some law enforcement authorities, should treat public authorities more leniently than businesses.
However, speaking at the same event, Commissioner Reding said that it would be "irresponsible and make the legislation incomplete".
If the data protection package makes it into law, the next challenge will be to ensure that member states implement the new regime.
The data retention directive, which came into force in 2006, has courted controversy, with the European Data Protection Supervisor (EDPS) complaining that the bill, which allows governments to retain telecommunications data for up to two years, has been widely abused.