EU ministers back weaker data protection rules
Most justice ministers in Luxembourg on Monday (15 June) backed a 200-page bill that will have far reaching implications for businesses and the personal details of people they use to turn a profit.
The agreement means the Council, representing member states, can start talks with MEPs on a data protection bill launched three years ago by the European Commission.
Join EUobserver today
Become an expert on Europe
Get instant access to all articles — and 20 years of archives. 14-day free trial.
Choose your plan
... or subscribe as a group
Already a member?
But the ministerial text has not pleased everyone.
Austria rejected it over fears data protection standards would be lower than current rules.
“In Austria we have a tradition of very high protection for data,” said Austria’s justice minister Wolfgang Brandstetter.
Austria is opposed because of a controversial article 6.4 on purpose limitation.
Loopholes
AccessNow, a Brussels-based digital rights NGO, in a statement said companies would be allowed to “collect and repeatedly use citizens’ personal information without their knowledge” under article 6.4.
The NGO accused ministers of eviscerating the bill by “introducing so many loopholes it’s not even consistent with the EU Charter of Fundamental Rights.”
The European Consumer Organisation, Beuc, expressed similar concerns.
It said loopholes should be closed to make sure businesses do not bypass fundamental data protection principles.
The proposed regulation overhauls a two-decade old directive with a single set of binding rules across all member states.
The heavily lobbied proposal received some 4,000 amendments at the parliament before landing at the council last summer.
At its core is the so-called one-stop shop aimed at harmonising data protection decisions across the EU.
End of year deadline
Despite split views on key issues between the two legislating bodies, ministers and lead MEPs on the bill are keen to reach common ground by the year’s end.
Germany’s interior minister Thomas de Maiziere said he hopes “we will be able to conclude this by the end of the year”.
German Green MEP Jan Phillip Albrecht, who steered the bill through parliament, said the text adopted by the ministers on Monday is workable.
“I really think it is possible to get an agreement there,” he told this website.
However some essential differences still need to be worked out.
Denmark wanted a much weaker directive but grudgingly backed the regulation anyway.
Ireland is afraid the new rules will create additional administrative costs for the big tech and internet firms like Facebook, Apple, LinkedIn, Twitter, eBay, and PayPal that it hosts.
Problem areas
Sanctions, consent, risk-based approach, data protection officers, how the one-stop-shop is governed, and how data is transferred to the United States are also problem areas that will need to be resolved.
The council wants weaker sanctions, opposes mandatory data protection officers, and backs “unambiguous” instead of “explicit” consent on personal data.
On transfers, the parliament had introduced a clause to create a legal basis on how firms pass on the data of EU citizens to American authorities.
The same is not included the council version.
“My impression is that in this area many member states wanted that in also but they just didn’t manage to agree on a wording,” said Albrecht.