EurActiv.com

EU news and policy debates across languages

26/09/2016

Tech industry goes for last minute appeal on data protection

Digital

Tech industry goes for last minute appeal on data protection

Negotiators have vowed to strike a deal on the data protection regulation by the end of 2015.

[Flickr/miniyo73]

Tech industry groups are making a last ditch effort to sway negotiators who have vowed to wrap up talks on data protection regulation this month.

The European Data Coalition, a group made up of large companies including Nokia, Ericsson and SAP, sent a letter yesterday (1 December) to heads of state of all 28 EU countries asking that they slow down trialogue negotiations and reform the upcoming privacy legislation to be more business-friendly.

“We ask you to release yourselves from the self-imposed, non-binding deadline and not give up on the hope of a prosperous European Digital Economy,” the letter reads.

The letter was also sent to European Council President Donald Tusk, Commission President Jean-Claude Juncker, Parliament President Martin Schulz, EU Justice Commissioner Vera Jourova, Commission Vice President Andrus Ansip and EU Digital Commissioner Günther Oettinger.

But the coalition’s attempt to win over negotiators could be in vain: legislators in trialogue talks have said for months that they will strike a deal by the end of the year.

On Monday, German MEP Jan Philipp Albrecht (Green), rapporteur on the data protection regulation, told the European Parliament’s Civil Liberties, Justice and Home Affairs (LIBE) Committee that negotiations on most parts of the law have already finished and legislators are now discussing formalities.

>>Read: Irked tech companies set out ‘red lines’ on upcoming privacy law

One point that remains unresolved is the issue of sanctions for companies that break the new privacy rules. Companies have griped over the Parliament’s proposal to impose sanctions on companies of 5% of their yearly global turnover. The Commission and Council want that figure to be lower.

“We want to have harmonised enforcement,” Albrecht said.

“There we still have different thresholds, the 2% or 5% of the yearly worldwide turnover of a company, in the air still. We’re negotiating on that,” he added.

In its letter, the European Data Alliance named sanctions as one of the most threatening parts of the regulation. The group’s list of demands calls for “proportionate, well-codified and harmonised sanction guidelines that punish non-compliance without discouraging data-driven innovation in Europe.”

The most recent leaked version of the draft regulation included a proposal from the Luxembourg Council presidency for sanctions of up to 2% of a company’s global turnover.

The European Data Alliance also called for “a secure and flexible foundation for international data transfers”. EU Justice Commissioner Vera Jourova told Austrian newspaper Wirtschaftsblatt this week that a new data sharing deal with the US should be finalised before the end of the year. The European Court of Justice ruled the Safe Harbour agreement invalid in October, freezing many commercial data transfers from Europe to the US.

Other industry groups have also lashed out at legislators over drafts of the data protection regulation. Last Friday (27 November), 12 organisations representing startup businesses sent a letter to MEPs and member states demanding they “allow Europe’s startups and scaleups to compete globally.”

The startup associations argued that smaller businesses were hit hardest by legal complications resulting from the ECJ’s verdict on Safe Harbour. Companies that continue to transfer data to the US after that decision have used other legal means, such as binding corporate rules or standard contractual clauses.

Background

Existing European rules on data protection were adopted in 1995, when the Internet was still in its infancy.

In January 2012, the European Commission published a vast legislative package aimed at replacing the existing rules and giving greater protection to personal data across the EU.

The package includes two legislative proposals: one general regulation on data protection (directly applicable in all the member states) and one directive specifically aimed at data protection in the police and the justice systems (to be transposed into national law).

Since then, the data protection debate took a new twist with revelations about US eavesdropping activities.

Whistleblower Edward Snowden revealed in 2013 that the NSA had secret wide-reaching authority to snoop on emails and internet communications using a data-mining programme called Prism.

European politicians reacted angrily to the news and called for stricter measures to ensure privacy.