New EU data protection rules could collapse because of ‘excessive lobbying’, foot-dragging by MEPs, and entanglement in trade negotiations with the United States, Europe’s chief data protection watchdog warned yesterday (29 May).
“There is some concern about excessive lobbying and circulating messages that create wrong impressions,” Peter Hustinx, the European data protection supervisor, told journalists after delivering his annual report to the European Parliament’s civil liberties, justice and home affairs committee.
The review process for the new rules had attracted “enormous attention from industry alleging that data protection rules are a hindrance to innovation”, he said, adding there had been a “full-court press” to influence the legislation.
Right to be forgotten
Hustinx singled out the “right to be forgotten” – a proposal in the data protection regulation designed to protect individuals from having their data retained by internet operators – as a key target of lobbyists.
“The Commission emphasis on the right to be forgotten has created an enormous feedback that nothing should be forgotten, and it’s overstated,” Hustinx said.
He said that it was important to “distinguish the proposal from the rhetoric”. Although the proposal “cannot be delivered in all its details in practice”, he said its emphasis on imposing time limits on the retention of data and stipulating when data should be erased would be welcome.
Many of the provisions in the proposed regulation “make eminent sense” and could be achieved through stronger privacy by design, Hustinx said, adding that business interests from abroad and within Europe had overstated claims that implementing the rules would be too costly and stifle innovation.
Lobbying has stalled passage of the legislation. The Commission’s proposals got off to a good start, Hustinx said, adding that the Irish EU presidency had worked “very very hard – put in extra time” in an attempt to reach agreements.
“But the Parliament seems to slow down, and latest language this morning [29 May] was maybe [agreement on the issues would come] not before the summer, maybe in September,” Hustinx said, adding: “Well, then, time is running out on us, and we cannot afford to fail.”
Trade deal could slow things down
Hustinx said he was he was “ringing this bell” because “this is not only the hot period but also the delivery time”. Failure to approve the legislation before the Parliament’s tenure ends next year would “have serious repercussions in terms of economic development” and offer a bonus to the lobbyists, he said.
Hustinx also warned that a “coalition mixing Transatlantic business interests” was seeking to join negotiation over the new data protection rules to attempts by the EU and the US to reach a comprehensive free trade agreement.
“It is not going to be helpful in finding the solutions we need,” he said, stating that impending EU-US trade talks could further delay the legislation.
"Data protection is entirely compatible with innovation and should not simply be ignored to make way for short term gains. Privacy principles mean that individuals should know and be able to control what their personal information will be used for and have the right to recourse if they are unfairly targeted or discriminated against," said Giovanni Buttarelli, the assistant European data protection supervisor.
“What is I think driving a number of companies is that while we have differences [on data protection] across the Atlantic, our differences are less seen globally, than some others, and if we are not able to get agreement across the Atlantic as democracies with systems that are pretty similar, then how are we possibly going to get agreement with systems that are not very similar?” said Daniel Hamilton, director of the centre for Transatlantic relations at Johns Hopkins University, speaking on 29 May in a talk on the Transatlantic Trade and Investment Partnership.
The European Commission published in January 2012 a broad legislative package aimed at safeguarding personal data across the EU.
The package consists of two legislative proposals: a general regulation on data protection (directly applicable in all member states) and a specific directive (to be transposed into national laws) on data protection in the area of police and justice.
The two proposals have been discussed extensively in the European Parliament and the Council and are due to be voted on by the Parliament in the near future.
2013: Updated data protection rules continue to be negotiated by European Parliament and European Council
- EUR-Lex: Existing Data Protection Directive (24 Oct. 1995) [FR]
- European Commission: Proposed regulation revising data protection rules (25 Jan. 2012) [FR]
- European Commission: Proposed Directive on use of data by security institutions (25 Jan. 2012) [FR]
- US mission to the EU: Five Myths Regarding Privacy and Law Enforcement Access to Personal Information in the European Union and the United States (4 December 2012)
- US Department of Commerce: Informal paper on EU data protection overhaul (16 Jan. 2012)