Companies say that they would much rather have to comply with a very onerous set of requirements than comply with 27 different sets, the lawyer said in an interview with EurActiv.
“But they need to be careful what they wish for, because the full implications are now sinking in: this is not going to be harmonisation at a low level but at a higher level, and in a number of countries – like the UK and Ireland, where they have traditionally had a hands-off approach – are suddenly faced with the notion of German-style data protection rules coming into force, and this raises all kinds of issues,” warned the Hunton & Williams lawyer.
According to Kuner, IT and online companies have caught on to the idea of new rules, but the ‘old economy’ companies are likely to be left behind as they struggle to implement the new legislation.
The package proposed by the Commission also has huge implications for governments and regulatory authorities, and that is being ignored in the public discussion, argues Kuner.
“In many ways ordinary public authorities are far behind the private sector in terms of their sophistication in dealing with IT and data processing. Their budgets are being cut and they do not have the opportunities to go out and raise business and money as the private sector does, so in a way they are going to be squeezed even harder than the companies in their efforts to keep within the rules,” the lawyer added, taking as an example rules on police [data protection] co-operation.
At the same time, there are concerns that the proposal will be watered down. Kuner explained that the proposals that would affect the private sector most are in the form of a regulation, which, met by opposition, could be reconverted into a directive. That would need to be implemented by EU countries, which would adapt it to their national needs. If it remains a regulation, then opposition could also trigger more exemptions and de facto watering down the initial proposals.
“There are already some articles [in the draft regulation] calling on the member states to take their own action, some in-built subsidiarity, and this could be extended in the final version, diluting the effects of the regulation,” said Kuner.
Opposition is also building outside Europe’s borders. The United States wants to improve its data protection framework by including some ideas from Europe, but Washington has said that the proposals are not helpful.
“The Commission is not going to prioritise harmonising EU law with Chinese or US rules. It is great to have international harmonisation, but it is a lower priority than getting the rules straight in Europe. Justice Commissioner Viviane Reding and her colleagues are keen for the EU to be a leader in privacy regulation and are pursuing their agenda aggressively,” argued Kuner.
Christopher Kuner was speaking to Jeremy Fleming-Jones
COMMENTS
The draft Regulation proposed by the Commission is right to try and set high standards in data protection and privacy. Experience shows that the current diversity and the attendant complex unpredictability arising from 27 different interpretations of rules framed in a Directive are unhelpful, impede global competitiveness, and undermine principles of equal treatment and non-discrimination. Why shouldn't the EU be among the leaders in this vitally important field? The Regulation's laudable aims reflect opportunities not threats for data handlers and processors everywhere.
fyo
The urgent need for such legislative initiative is clear if one considers that in order to subscribe to this website newsletter one is asked to disclose a considerable amount of private information including ''family annual income''. Information unnecessary and irrelevant for the intended purposes.
It is only regrettable that the debate has not focus more on privacy (determining what information can companies collect without infringing privacy rights)but instead on data protection (what can companies do with the retrieve information).
As a consumer, I am daily confronted with the need to answer queries and fill forms with personal information often unrelated to the services rendered. Companies consider themselves entitled to ask anything from 'shoe size' to 'grandmother's maiden name' and consumers have no choice or protection.
EurActiv reserves its right to remove comments regarded as offensive, racist, or homophobic as well as hate-speech in general. Spamming or posts with an obvious commercial character will be removed as well. Thank you for your understanding.