Three-Way EU Big Data Privacy Wrestling Match Kicks Off

Three-way EU Big Data privacy wrestling match kicks off

The EU will take a big step towards finalising measures to protect its citizens’ privacy today, as negotiators from member states, the European Commission, and the European Parliament will come together for the first time to thrash out an agreement on the EU’s planned data protection law.

The Parliament agreed its position on the draft law more than a year ago, but the council of national ministers fought bitterly over a common position, only reaching a grudging agreement earlier this month.

Many European countries are still concerned about aspects of the text, but felt it best to reach a compromise in order to move forward.

Cyprus, Italy, Belgium and Poland all have reservations and Austria said it wouldn’t support any law that lowered data protection below the existing law.

Article 6(4) is one of the big sticking points. It allows companies to change how and what they do with citizens’ data if they can show ‘legitimate interest’. However, some countries are concerned that ‘legitimate interest’ is too vague and would leave the door open for companies to abuse personal information.

In terms of redress for citizens, the Council draft of the law removes the possibility of class-action for breaches of data protection and requires NGOs to complain to regulators, not challenge via the courts. The famous one-stop-shop that was supposed to simplify citizens’ right to redress if their privacy had been breached has also been mangled by the council.

Parliament removed the possibility of profiling citizens, but the council of ministers has put it back in, if governments can claim national security, defence, public security and or ‘other important objectives of general public interest’.

All these issues will be discussed in the so-called trilogue meetings, where the council’s shaky consensus could give the Parliament more bargaining power.

William Long, a partner at Sidley Austin, said the regulation would have ‘a very significant impact on businesses in the EU and those internationally, including in the US, that do business in the EU.

This regulation has a raft of new requirements, such as appointing data protection officers, and new rights, including a right of erasure, as well as fines for non-compliance of up to 5 per cent of annual worldwide turnover (gross revenue)’.

With such a big potential impact on business, it is no surprise that lobbying has not slackened off. Both ETNO (the European Telecommunications Network Operators association) and GSMA (which represents the interests of mobile operators) have called on legislators to repeal the ePrivacy Directive through the mechanisms provided in the draft GDPR.

This is possible by amending the proposed GDPR and to incorporate all relevant legal provisions on data protection into the new law.

 

Read the complete at the source link.

 

0 Comments