EU countries likely to drag out data privacy talks this week

Arguments continue over who gets to handle consumer privacy complaints

New rules governing who handles EU consumers' privacy complaints will not be agreed to Friday, despite being on the agenda for member states to discuss.

Justice and Home Affairs ministers from the EU's 28 member states will meet to talk about the proposed Data Protection Regulation, specifically plans to create a so-called one-stop-shop principle.

There has been much disagreement between member states about which authorities should handle complaints about the misuse of data when the companies and complainants are in different countries. A "discussion text" released last week attempted to resolve the issue by proposing more powers for the data protection authority in which the individual consumer or complainant is based -- the local authority -- while maintaining the one-stop-shop principle of a "lead authority" in the country of the accused company.

Some member states, in particular Germany, fear that they could become subject to data laws from another country. In Germany's case, there are concerns that its stringent privacy rules could be watered down by regulators in other countries. The U.K. has also dragged its heels due to fears that investors will react badly to tighter privacy rules.

The European Data Protection Supervisor (EDPS) Peter Hustinx said the one-stop-shop principle is crucial for the whole structure of the proposed Data Protection Regulation, which would update the 1995 Data Protection Directive.

"I expect the council will mark that progress has been made, but will probably not give the OK to the final version," Hustinx said. However, he added that he thinks talks are in much better shape than they were at the end of 2013. "I think they will encourage further progress. We may even see conclusions on other elements. But with the one-stop-shop principle, it can only work if we think in terms of close collaboration," he said.

A source close to the negotiations said that although a large majority of countries appear ready to agree to a partial general approach, this will be "a purely symbolic move to allow the Greek Presidency to claim to have advanced the file during its term."

Such an approach does not exclude future changes and means that talks with the European Commission and the European Parliament, which are necessary for any new law, cannot begin.

The European Parliament's rapporteur for the proposed data protection reform, has even accused the responsible ministers of "refusing to work."

"I am disappointed that the council is not aiming to finalize the agreement. I think that will not be appreciated by the new European Parliament," said Jan Philipp Albrecht, the German member of the European Parliament who steered the complex text through to a compromise in that institution in March. "My impression is that most member states are trying to conclude something. France has been more outspoken in its criticism of the slow pace. And even those countries that have been hesitant are more willing to reach an agreement. Even the UK seems to be reducing its stalling tactics."

The proposed law has been discussed since 2012 and when implemented -- probably not before 2017 at the current pace of negotiations -- will apply to all companies operating within the European Union, no matter where they are based.

The proposal would give authorities the power to impose multimillion-dollar fines on any company that misuses Europeans' data. Under the latest compromise text, even local data protection authorities will have a say on sanctions. If they disagree with a lead authority, they can object and the matter will then be referred to the European Data Protection Board.

Follow Jennifer on Twitter at @BrusselsGeek or email tips and comments to jennifer_baker@idg.com.

Join the CSO newsletter!

Error: Please check your email address.

Tags regulationsecuritygovernmentprivacy

More about EUEuropean CommissionEuropean Parliament

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jennifer Baker

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place