European parliament debating thousands of potential amendments to proposed rules.
A fundamental overhaul of the European Union’s privacy rules is entering a bumpy phase as the European Parliament discusses more than 3,000 possible amendments to proposed legislation starting Wednesday — while member states review the proposals in parallel.
Under the proposed rules, companies could be fined up to 2% of global annual turnover if they don’t respect people’s data privacy, but this is just one issue amongst many being negotiated. There has been intense lobbying on the new rules, which will affect U.S. companies, including web giants Google Inc. and Facebook Inc., as well as small internet start-ups.
Negotiations are entering a crucial phase and with so much at stake, it may be difficult to meet EU justice commissioner Viviane Reding’s stated goal of a political agreement on the legislation by July.
“I see some intense work in the upcoming weeks,” said Jan Philipp Albrecht, the German lawmaker responsible for the legislation in the European Parliament’s influential civil liberties committee.”This issue of data protection today covers all areas of society.”
The committee is likely to vote on the amendments–with the outcome usually determining the stance for the whole parliament–on May 29 or 30. Lobbying from companies potentially affected has been unusually intense, he added.
Ms. Reding set out her initial proposals in January last year, but an update is necessary–the current law dates from 1995, when the Internet was different, and there are huge variations between the data privacy rules among the EU’s 27 member countries.
Finding the right balance in this contentious area will be a complicated process, however.
“There are still some open questions,” Mr. Albrecht said. These include the so-called “right to be forgotten”– an obligation for data to be deleted permanently from all over the web if a user requests it — and data portability, when people want to move personal information between websites. Still, Mr. Albrecht said, even if the thousands of amendments can be distilled to hundreds, voting on them will take a day.
In parallel with this, justice ministers are tackling the same issues. Earlier this month, they said the rules should take into account the nature of data that companies hold, rather than merely being based on the size of company or the volume of data they hold.
This means the new law would need to account for data sensitivity, meaning that health records would be more strictly protected than, say, styling preferences stored by a hairdresser. Negotiations on other aspects are continuing, with justice ministers due to focus on data protection again at their June meeting.
An EU official familiar with the talks said there “good discussions” are ongoing, but warned that while Ms. Reding is “extremely keen” to get political agreement under Ireland’s rotating EU presidency, which ends in June, some member countries say the pace of negotiations should slow, because getting the highly technical negotiations right takes time.
Then there are relations with the U.S., which also is in the process of overhauling its data privacy rules, and has traditionally taken a more self-regulatory approach than the EU. Moreover, as planned, the EU legislation would apply to any company that seeks to do business in Europe — including the likes of Apple Inc.(AAPL), Facebook and Google.
“As a general matter we welcome any changes that would make U.S. and E.U. privacy law interoperable… that’s been our key point throughout the debate,” said U.S. Ambassador to the EU, William Kennard, a former head of the Federal Communications Commission.”We’re at a really critical point in both E.U. and U.S. law… it’s a historic opportunity.”
Source: total telecom