Ministers insert 'review' clause into EU data bill
Justice ministers in Brussels on Friday (13 March) backed the one-stop shop principle in the EU data bill, but said they want to review it in the future.
The one-stop shop is a central oversight feature in the law. It is supposed to simplify complaints and arbitration on EU data protection rules.
Join EUobserver today
Get the EU news that really matters
Instant access to all articles — and 20 years of archives. 14-day free trial.
Choose your plan
... or subscribe as a group
Already a member?
The grand plan is to have a single set of coherent EU data rules replace the 28 national ones under the current 1995 directive.
Ministers had already agreed to the shop’s architecture in December, but have since wrangled over technical details on how to make the system work in practice.
The commission says the shop will make it easier for companies because they will have to deal with only one supervisory authority instead of many different ones.
“At the same time, it will be better protect individual’s rights by delivering more effective enforcement,” said EU justice commissioner Vera Jourova.
But the slow pace of getting the bill finalised is creating business uncertainty for companies, with ministers under increasing pressure to reach a broad agreement in June.
Friday’s decision to endorse the one-stop principle and review it later is seen as a response to to pressure by MEPS to get the bill moving. MEPs have been waiting to enter indepth negotiations since last March.
"There has been a year of foot-dragging by EU governments,” said the parliament’s lead negotiator on the bill, German Green Jan Phillip Albrecht, in a statement earlier this week.
The review clause, proposed by Ireland, would mean member states could amend the regulation at a future date.
Ireland, along with the UK, says the clause is needed because the current proposal is too complex and would be abused.
The agreed text says a one-stop shop mechanism should only be used in “important cross-border cases”.
It notes the data protection authority best placed to deliver the most effective safeguards would then adopt the decision.
The European Data Protection Board presides over the one-stop shop. it would arbitrate in disputes between member state supervisory authorities.
A single data authority can trigger a referral of a case to the board, whose decisions are legally binding.
But some say the board should only be referred cases when more than one authority says it is necessary.
“This would have greatly reduced the risk of capricious referrals,” said Ireland’s justice minister.
Under its current form, the board’s decision must be adopted within one month of the referral but this may be extended by another further month on account of the complexity of the case.