Brussels, 24/01/2012 (Agence Europe) - The right to erasure of data on the internet, consent by citizens of use being made of information on them, penalties against companies, including foreign companies, which to not stick to the rules and recast of data protection instruments in the area of home affairs: the keenly awaited proposal on data protection in the EU, which Commissioner Viviane Reding will bring forward on Wednesday 25 January, will be very closely studied by member states' home affairs ministers and the United States, which has several agreements with the EU, for example on police cooperation and counter-terrorism. The proposal is also expected to be criticised, some expect, believing that it will be difficult to implement for a number of reasons. Within the European Commission itself, the proposal has found it very tough to make headway, some observers have reported, and has had to undergo a number of revisions.
One source says that Commissioner Cecilia Malmström's staff were initially rather unhappy and concerned that the text might hobble investigations and judicial cooperation with non-EU countries, especially the United States, which depend to a great extent on the transfer of personal information.
Reding's general intention is to enhance internet users' right to privacy and to bring some order to the patchwork of rules and laws across the member states. To do so, she will present a directive revising Framework Directive 2008/977/JHA on data protection in home affairs and a regulation on the general arrangements for the protection of personal information in the event of its being used by companies and its being circulated. As she promised several months ago, Reding wants to incorporate in her regulation her famous “right to be forgotten”, which will give individuals the right to have their personal data erased, for example, if they wish to have removed a photo published on a network such as Facebook. Companies will also be required to obtain internet users' consent when they want to use these persons' information and will have to explain to internet users how and why this information is to be used. Every company providing services to Europeans will be governed by this legislation and will answer to the data protection authority of the member state in which it is headquartered.
In general terms, any breach of the new rules will be punished whether the company is European or American. The question of the amount of the penalty, because sanctions will be pecuniary, has been one of the major bones of contention in the drafting of the text. In a final draft, the penalty was set at a maximum of €1 million. Exceptions to the rules are, however, provided for, such as for press companies and their archives, where “being forgotten” is virtually impossible.
With regard to home affairs, Reding will propose a set of clear rules when law enforcement authorities will have to deal with the transfer or retention of individuals' data, and she wants to make any transfer to third countries to be carried out only if the standards of data protection have been certified by Commission assessment as being adequate.
There is nothing new on this point, said Reding's spokesman Matthew Newman. However, on Monday, some were nevertheless wondering about the possible implications of the directive on agreements concluded by the EU, such as the PNR (passenger name record) agreements. Newman said that no effect was expected in this area. On Tuesday, without commenting on the latest drafts, a spokeswoman for the US Representation in Brussels confirmed that the US will look very carefully at this text, which will affect a number of major American companies when they are in negation with the EU on a general framework agreement on standards of data protection applicable to all transatlantic initiatives. (SP/transl.rt)