EU data protection resolution unlikely before the end of the year
Jan Albrecht speaks to the Parliament Magazine about why negotiations on the data protection package have stalled and the conditions required for an effective regulation.
The European commission has been hard at work on a new data protection package since 2012, but parliament's rapporteur on the issue Jan Albrecht has warned that it was unlikely a resolution would be adopted "before the end of the year".
He added that this would be the case "even if the council is ready to negotiate sometime in June", as "council and parliament are heading in two completely different directions". He blames the current approach of "nothing is agreed until everything is agreed" for the delay in talks.
Parliament's civil liberties, justice and home affairs (LIBE) committee adopted its version of a first draft regulation in March last year, but discussions have so far failed to yield any tangible results. Albrecht highlights that "every day we postpone this procedure, the standards for the protection of personal data in Europe are endangered more and more".
- Marju Lauristin: EU needs 'forward thinking' data protection regulation
- Timothy Kirkhope: EU data protection measures cannot burden business
- Giovanni Buttarelli: EDPS 'will urge Europe to speak with one voice'
Given that the current EU data protection directive dates back to 1995, at a time where most people did not have internet access or mobile phones, and social media did not yet exist, it is clear that Europe needs updated legislation, both for its consumers and its companies.
As the German deputy explains, "we need a level playing field. Currently, EU companies are very often disadvantaged because some of their competitors don't follow EU rules to the full extent. Having one single regulation and a digital single market will mean fair competition".
And sadly, the challenges don't stop there. Once a regulation is adopted, there will be the question of how to enforce it.
Albrecht believes "we have very well equipped and functioning data protection authorities in each member state. We know it is very important for citizens to talk to their own authorities in their own language and in their own legal culture".
He rejects the idea of a single European data protection authority, saying, "no one wants that - it would be very far away from the citizens and there would be a work overload".
However, he does concede that "all 28 different data protection authorities should act together to take common decisions, so that there is consistency in their approach". In an ideal world, such authorities would not be needed, because companies would simply abide by the rules.
But of course, in order for that to happen, strong incentives are needed. The commission had suggested that companies in breach of data protection rules be fined an amount equal to two per cent of their annual revenue, but parliament has requested that this be brought up to five per cent.
Albrecht has called on the council to "be tough on individual rights and sanctions otherwise we will not have an agreement". He says that if companies are left to their own devices in deciding to what extent they wish to comply with the law, "then on the other side you have to be very strong on individual and consumer rights - consumers need to have the ability to enforce their individual rights and we need to ensure high sanctions in case of a breach of rules".
Nevertheless, he insists that, "how much information you share about yourself publically is absolutely up to you. If someone decides to post nothing, then that is their decision. At the same time, someone can decide to put everything out there".
He adds, "the key thing is for citizens to really have control over their personal data - it is important to let people empower themselves to decide which risks they want to take".
While Albrecht is pleased that the Latvian EU council presidency will be taking on this issue during its term, he stressed that "a small presidency cannot be the only one" to tackle the problem - "the bigger states need to push for it, Germany and France but also the UK".
But, he did praise the EU for "rightly deciding to exclude the issue of data protection in TTIP [transatlantic trade and investment partnership]" talks, explaining that "we first of all need to decide our own rules in the EU […] otherwise we divide ourselves in these trade talks and we will just be the party that has to accept third parties' standards".
Still, he is confident justice, consumer and gender equality commissioner Vera Jourová "will be strong enough to show clearly where the red lines for the commission are and push for a quick adoption of this regulation".
Parliament hopes to enter trilogues with the commission and council before the summer break and for the legislative work to be completed by the end of the year.
Live animals export trade is marring the EU's reputation as a leader in animal protection, says Olga Kikou.
The European commission must ensure that social media companies will respect national laws against incitement to religious hatred and violence, says Roberta Bonazzi.
EU policymakers must avoid leading Europe into an age of data prohibition, warns Townsend Feehan.