EU irks businesses with new data protection rules
March 13, 2015The European Union's interior and justice ministers agreed on Friday to grant more powers to regulators to enforce a new data protection law, upsetting businesses who hoped the power would instead be devolved to the regulators in each individual country.
Initially, the new EU law would have established a "one-stop-shop" mechanism, meaning that a business operating across the whole 28-nation bloc would only have to deal with one protection authority - in the country where it has its headquarters or European base, even if the issue affected citizens in another EU country.
However, this upset some countries which do not what their national authorities to lose all jurisdiction over big technology companies like Apple and Facebook, which are based in Ireland. In the past, Ireland has been accused of going soft on large multinationals in order to remain an attractive place for doing business, something Dublin has denied.
Under pressure from the concern nations, the EU ministers agreed that henceforth if one country's authority is "concerned," they can appeal any ruling to an as-yet-uncreated board of all 28 regulators who could then come to a binding decision.
New rules will encourage "capricious referrals"
"The proposed mechanism will be more cumbersome than the existing procedures, resulting in unnecessary administrative burdens, including delayed decisions for citizens," said the Industry Coalition for Data Protection, which includes major technology firms Apple, Google, and IBM.
EU diplomats had previously agreed to scrap an adjoining proposal that at least one-third of the national regulators would have to raise an objection before a case would be referred to the European Data Protection Board (EDPB).
Member states such as Ireland, Great Britain, and the Netherlands had supported the numerical threshold, saying it would have "greatly reduced the risk of capricious referrals," according to Ireland's justice minister.
Friday's agreement is still subject to change until June, when ministers will review the entirety of the proposed new data protection law - the General Data Protection Regulation, meant to update decades-old statutes that have not kept up with the development of the Internet.
Germany's Justice Minister Heiko Maas called the new data law "one of the most important projects under discussion in Brussels at the moment."
es/msh (AFP, Reuters)