Jan Philipp Albrecht, a German lawmaker from the Greens party, is to present a draft report today (10 January) outlining the Parliament's position on the EU's proposed data protection regime - a regulation tabled by the European Commission one year ago.
Central to the Albrecht report is the premise that data protection is a fundamental right.
“If you want my data, ask for my consent!”, the MEP told a press briefing outlining his reasoning.
“Exceptions from the rules of the regulation should be strictly limited to what is necessary,” said Albrecht, who is rapporteur on the proposal for the Parliament's Committee on Civil Liberties, Justice and Home Affairs.
If Albrecht finds backing among other lawmakers in Parliament and the EU Council of Ministers, this means the EU rules would apply to all companies handling the data of more than 500 EU citizens.
Industry alarmed by Albrecht report
The obligations would also require overseas companies in this category to have an EU-based ‘data representative’ and to comply with general obligations to gain the consent of consumers to the use of their data.
The report provoked criticism from the technology industries and is likely to re-ignite the debate between the United States and EU over how to ensure interoperable systems.
The Industry Coalition for Data Protection, an umbrella group of 15 trade associations including DigitalEurope and the European Digital Media Association, criticised Albrecht’s report, claiming that it failed to strike the right balance.
“Albrecht missed an opportunity to reconcile effective privacy safeguards with rules protecting the conduct of business - both fundamental rights under the EU charter,” a statement from the group said.
“Going forward, we urge members of the European Parliament to take into account the important contributions emanating from other committees, and to enact legislation that maintains user trust while encouraging innovation and entrepreneurship in Europe,” the statement said.
Speaking at a data protection conference in Brussels on 6 December, US Ambassador William Kennard warned that Europe should overcome its misconceptions and stereotypes to find regulatory convergence with the US to pave the way for an interoperable transatlantic data-privacy system.
“The provisions do not recognise the existence of privacy-protection systems that are structured differently, but ensure an equally high level of protection and enforcement, like those in the United States,” Kennard said.
Albrecht said the proposed rule were an attempt by the EU to lay down a global standard for data protection.
“We want to have input into a global standard, but that does not mean that we want to impose unnecessary burdens, and I am open for a discussion and negotiation,” Albrecht said.
Feared impact on smaller firms
An industry source who preferred to remain anonymous told EurActiv that such provisions would hit at the hi-tech ‘App’ innovation market, which is largely US-based.
“Many of these companies are actually very small, though they need to handle a certain critical number of data subjects in order to develop the apps,” said the source.
“Placing burdensome administrative requirements on them would freeze them out of the market.”