EU justice ministers agreed on data protection rules at a meeting in Luxembourg today (15 June).
After over three years of negotiations, the Council will start so-called trialogue negotiations with the European Parliament and the European Commission on 24 June to iron out details of the General Data Protection Regulation.
European leaders have vowed to come to a conclusion on the new data protection legislation—an update of a 20-year-old directive—before the end of this year.
Despite Council members’ green light on the regulation, a number of officials voiced concerns with the draft legislation and said they hope trialogue talks will help beef up articles on data processing, data transfers outside the EU, the one-stop-shop measure for addressing data complaints and other fraught points.
Ministers also jumped on the Council text’s language on liability for companies that violate the data protection law, arguing it would put a financial burden on technology businesses.
Polish, Bulgarian, Danish and other ministers criticised article 6.4 of the draft regulation, which allows companies to process data for reasons other than the ones users originally agreed to, provided companies have a “legitimate interest”.
Industry groups have argued that restrictions on further data processing would damage businesses and chip away at advertising revenue.
A majority of officials approved the Council approach, though many were at pains to list their remaining grievances. But Austria and Slovenia gave the draft law a thumbs down.
Austrian Minister of Justice Wolfgang Brandstetter said he wouldn’t support the legislation yet, but hopes trialogue talks will bring the regulation closer to Austria’s strict data protection standards.
“In Austria, we’re very much wedded to the idea that our high level of data protection must not be watered down,” Brandstetter said, citing his disapproval of the contentious article 6.4.
Monique Goyens, director of consumer rights group BEUC, also criticised that legislation’s clause on companies’ use of data. “We must ensure business opportunities presented by “big data” do not result in an erosion of consumer rights,” she said.
While other officials gave lukewarm endorsements of the data protection legislation, German Minister of the Interior Thomas de Maizière cheered on the Council approach.
De Maizière acknowledged unease over the law, but called for ministers to move forward.
Germany’s interior minister said he hopes the European Commission’s ongoing negotiations with the US will ease concerns over data transfer abroad.
“I hope we will achieve something with regards to the United States and the negotiations on Safe Harbour so that we can raise the level of protection but at the same time continue to exchange data with the US,” de Maizière said.
>>Read: Safe Harbour deal held up by US
Justice Commissioner V?ra Jourová said she was “confident the compromise text is a good basis” for negotiations with the European Parliament. “At least we know that on fundamentals we do see eye to eye,” Jourová said.
German MEP Jan Philip Albrecht (Greens), Parliament rapporteur on the data protection package, called the Council agreement encouraging for the negotiations set to start later this month.
Albrecht said of the remaining issues that need to be parsed out, “There are clearly differences, notably as regards the rights afforded to consumers and duties to be fulfilled by businesses.”
“However, if we can engage in constructive and pragmatic negotiations, it should be possible to reach a compromise acceptable to both sides in that timeframe.”
Existing European rules on data protection were adopted in 1995, when the Internet was still in its infancy.
In January 2012, the European Commission published a vast legislative package aimed at replacing the existing rules and giving greater protection to personal data across the EU.
The package includes two legislative proposals: one general regulation on data protection (directly applicable in all the member states) and one directive specifically aimed at data protection in the police and the justice systems (to be transposed into national law).
Since then, the data protection debate took a new twist with revelations about US eavesdropping activities.
Whistleblower Edward Snowden revealed in 2013 that the NSA had secret wide-reaching authority to snoop on emails and internet communications using a data-mining programme called Prism.
European politicians reacted angrily to the news and called for stricter measures to ensure privacy.
European leaders want to agree on data protection reform by the end of 2015