A key European Parliament lawmaker seeks to bolster the EU's proposed data protection rules and bring companies throughout the world under its authority, triggering warnings from the US technology industry about a revival of transatlantic tensions over online privacy.
Jan Philipp Albrecht, a German lawmaker from the Greens party, is to present a draft report today (10 January) outlining the Parliament's position on the EU's proposed data protection regime – a regulation tabled by the European Commission one year ago.
Central to the Albrecht report is the premise that data protection is a fundamental right.
“If you want my data, ask for my consent!”, the MEP told a press briefing outlining his reasoning.
“Exceptions from the rules of the regulation should be strictly limited to what is necessary,” said Albrecht, who is rapporteur on the proposal for the Parliament's Committee on Civil Liberties, Justice and Home Affairs.
If Albrecht finds backing among other lawmakers in Parliament and the EU Council of Ministers, this means the EU rules would apply to all companies handling the data of more than 500 EU citizens.
Industry alarmed by Albrecht report
The obligations would also require overseas companies in this category to have an EU-based ‘data representative’ and to comply with general obligations to gain the consent of consumers to the use of their data.
The report provoked criticism from the technology industries and is likely to re-ignite the debate between the United States and EU over how to ensure interoperable systems.
The Industry Coalition for Data Protection, an umbrella group of 15 trade associations including DigitalEurope and the European Digital Media Association, criticised Albrecht’s report, claiming that it failed to strike the right balance.
“Albrecht missed an opportunity to reconcile effective privacy safeguards with rules protecting the conduct of business – both fundamental rights under the EU charter,” a statement from the group said.
“Going forward, we urge members of the European Parliament to take into account the important contributions emanating from other committees, and to enact legislation that maintains user trust while encouraging innovation and entrepreneurship in Europe,” the statement said.
Speaking at a data protection conference in Brussels on 6 December, US Ambassador William Kennard warned that Europe should overcome its misconceptions and stereotypes to find regulatory convergence with the US to pave the way for an interoperable transatlantic data-privacy system.
“The provisions do not recognise the existence of privacy-protection systems that are structured differently, but ensure an equally high level of protection and enforcement, like those in the United States,” Kennard said.
Albrecht said the proposed rule were an attempt by the EU to lay down a global standard for data protection.
“We want to have input into a global standard, but that does not mean that we want to impose unnecessary burdens, and I am open for a discussion and negotiation,” Albrecht said.
Feared impact on smaller firms
An industry source who preferred to remain anonymous told EURACTIV that such provisions would hit at the hi-tech ‘App’ innovation market, which is largely US-based.
“Many of these companies are actually very small, though they need to handle a certain critical number of data subjects in order to develop the apps,” said the source.
“Placing burdensome administrative requirements on them would freeze them out of the market.”
"The report marks a new milestone in the data protection discussion in Europe. A new European Data Protection Regulation has the potential to help Europe's businesses – and its economy - grow and prosper,” said Facebook’s head of EU policy, Erika Mann.
“We welcome the thoughtful approach of the rapporteur on many issues. However, we are concerned that some aspects of the report do not support a flourishing European Digital Single Market and the reality of innovation on the Internet - which is inescapably global in nature, and which includes important partners like the US. We will be examining these proposals closely in the coming weeks," Mann concluded.
“The Industry Coalition for Data Protection is concerned about the massive horizontal impact on industry across the EU, regardless of what the business model is and how companies are using data,” a statement from the group said.
“Policymakers have to find the right balance between privacy protection and innovation and support for entrepreneurship,” according to the ICDP statement.
“The Association for Competitive Technology, which represents SMEs in the technology sector, regrets that the draft report saddles SMEs, and particularly tech focused ones, with up-front costs that will undeniably reduce innovation in the market and lead more net entrepreneurs to escape Europe’s hostile regulatory environment,” according to a statement from the group.
From the perspective of the consumer, Albrecht was also criticised, for not going far enough in his proposals.
The European digital rights group EDRi, said in a statement that "Albrecht has sought to improve on the Commission's initial proposal and to address many of the concerns raised by his colleagues, but the resulting text is therefore a mix of straightforward attempts at positive improvements and attempts at compromise based on the opinions so far expressed by his colleagues."
European Union rules on data protection were adopted in 1995, when the Internet was still in its infancy.
Nowadays, information on web surfing habits allows service providers to tailor products to customers needs, placing for example ads which are relevant for people doing frequent searches for the best flight deals.
But some private information can be very sensitive, such as credit card numbers or bank account deposit details. Other type of sensitive information may relate to people's health condition or sexual or political orientation. Location data or online identifiers, such as cookies, are also widely considered as personal data.
Meanwhile, EU citizens are becoming increasingly aware of the possibilities for misusing their personal information. According to a recent Eurobarometer poll, 70% of those surveyed were concerned that personal data is used by companies for purposes other than for what it was collected for, while 64% feel that information on how their data is processed is unsatisfactory.
To address these concerns, the European Commission published in January 2012 a broad legislative package aimed at safeguarding personal data.
- 10 Jan. 2013: Rapporteur Jan Philipp Albrecht is to present his proposals
- 27th Feb. 2013: Deadline for tabling amendments
- End April 2013: Orientation debate in Parliament's LIBE committee
- From May 2013: (Pending progress in Council of Ministers) Trilogue negotiations between the European Parliament, the Council and the Commission could commence
EU official documents
- European Parliament: Rapporteur for the committee on civil liberties, justice and home affairs’ draft report on the Commission’s proposed data protection regime
- EUR-Lex:Existing Data Protection Directive (24 Oct. 1995) [FR]
- European Commission:Proposed regulation revising data protection rules (25 Jan. 2012) [FR]
- European Commission:Proposed Directive on use of data by security institutions (25 Jan. 2012) [FR]
- US mission to the EU: Five Myths Regarding Privacy and Law Enforcement Access to Personal Information in the European Union and the United States (4 December 2012)
- US Department of Commerce:Informal paper on EU data protection overhaul (16 Jan. 2012)
Business & industry
EURACTIV Greece: Η Ευρωβουλ? για την Προστασ?α Δεδομ?νων
EURACTIV Slovakia: Nový režim ochrany údajov skomplikuje biznis Facebooku aj Google