The prospects of agreeing a proposed Europe-wide data privacy rules by spring next year, a key objective of the European Commission, look in doubt after EU ministers last week failed to agree on the concept of a one-stop-shop for data protection.
Justice ministers representing the 28 member states attempted to reach agreement on the proposed data protection regulation at a meeting in Brussels last week (6 December).
The reform aims to unify national data protection regimes, making it easier for businesses operating across territories who would deal with a single data protection authority – a so-called ‘one-stop-shop’ – in the country where they are based. The proposal also envisages that citizens should be able to rely on such a one-stop shop across the bloc’s 28 individual data protection authorities to safeguard their data protection rights.
Germany resists a one-stop-shop
But Germany proved the most resistant to the one-stop-shop proposal at last week's meeting, and received backing by ministers from the Czech republic, Denmark and Hungary.
“This proposal involves replacing all of the German consumer rights on data protection – which is around 100 pages – and we therefore have to be careful that our high standards remain,” Ole Schr?der, secretary of state in the German federal ministry of the interior said at the outset of the meeting.
“Harmonisation, yes, but not at any price,” Schr?der added, when asked if he believed whether – in the light of the NSA scandal – the data protection regulation should be pushed through more quickly.
Meanwhile the UK and Sweden, whilst favouring the one-stop-shop proposal, continue to argue that the regulation should instead be a directive, allowing member states greater flexibility in transposing the rules.
“We worked intensively during the entire period of our presidency on this, however there is a significant gap in member states positions on this,” said Juozas Bernatonis, the Lithuanian justice minister who was chairing the meeting.
Ministers agreed in principle to the one-stop-shop principle in October, so the failure represented a blow to achieving agreement on a complicated dossier.
“Today’s meeting was a disappointing day for data protection… today we have moved backwards and I am very disappointed about that, because a swift agreement would be important for our citizens as well as our companies,” said Viviane Reding, the EU's Justice Commissioner.
Parliament's rapporteur reacts angrily
Lawmakers in the European parliament’s civil liberties committee voted in October to strengthen Europe's data protection laws, including plans to impose fines of up to €100 million on companies such as Yahoo!, Facebook or Google if they break the rules.
The Parliament, and Reding, have consistently tied the need for stronger data protection to acknowledge alleged privacy abuses arising from information leaked by former US espionage contractor Edward Snowden.
“It’s just ridiculous. The German government has talked about data protection throughout the last months, Chancellor Angela Merkel said it is priority and then the German interior minister is going to Luxemburg and Brussels and doing exactly the opposite,” said German Green MEP Jan Philipp Albrecht.
“They use the argument that they are safeguarding German consumer rights, but these arguments are lies, because the Parliament has insisted on consumer protections which are of exactly the same standards as those in Germany,” Albrecht added.