Brussels, 24/07/2012 (Agence Europe) - In Nicosia on Tuesday 24 July, EU27 justice ministers began to draw up the broad outlines of future European legislation on the protection of personal data. Commissioner Viviane Reding had proposed reforms last January with a draft regulation and proposal for a specific directive relating to police and justice matters, while ministers hoped to review certain of the Commission's ambitions downwards. The exercise is a sizeable one as it will mean that the EU will have to reform its current rules dating back to 1995, i.e. before the explosion of the internet and social networks such as Facebook, and to impose new obligations on companies, whether European or foreign, public or private.
The Council, which, on Tuesday, was working only on the draft regulation, does not see itself coming to an agreement on a general approach before the Irish Presidency of the EU Council, when it will then begin talks with Parliament. For the directive on police and legal cooperation, the road may also prove to be more tortuous, as no real discussion on this was held under Danish Presidency, which showed little enthusiasm for the text. Work on this is not expected to get under way till September.
On Tuesday, in Nicosia, ministers nonetheless sought to get Viviane Reding's draft regulation off the ground. The European Commission hopes, among other things, that web companies, such as Google, will in future require the explicit consent of internet users before using data concerning them. It hopes to organise a “right to oblivion” on the internet, possibly through total erasure of data. The Commission trusts that each company, whether public or private, will take on someone to be in charge of data protection and will be subject to sanctions in the event of misuse of personal data. The January proposal also provided for several exceptions for SMEs and companies employing fewer than 250 people, the Commission suggesting such companies should be exempted from the new rules.
And it is partly on this point relating to “exemptions” that discussions focused on Tuesday. Some member states, like Germany, felt that, more than the size of the company, it is the type of work involved and the type of data processed that should be taken into account. Discussions also concerned how appropriate it would be to exempt the public sector from the new European rules. This, one source said, is an ardent wish expressed by the United Kingdom and backed by Hungary. Another participant at the meeting said London had not, however, been categorical about this. Although the United Kingdom does indeed consider that the Commission should not react to rules on data protection for public administrations, “it has not categorically called for the sector to be excluded”, she said. Most member states nonetheless consider that no distinction should be made between the sectors. France, Luxembourg, Ireland and Lithuania, for example, have taken a stance in favour of common rules to be applied to both private and public sectors. Germany, for its part, came down on the side of more flexible rules for the public sector, according to a source familiar with the dossier. This is a request that Commissioner Reding finds fully acceptable. During the press conference, she pointed out that such flexibility for the public sector already existed in the regulations, while adding: “We must see whether it goes far enough or, on the contrary, whether it goes too far”, Reding said.
According to Cypriot Justice Minister Loucas Louca, the discussion will at any rate have allowed member states to submit a considerable number of reservations about Reding's text. For at least three member states - Hungary, the Czech Republic and Lithuania - the Commission had to treat all these issues in a directive rather than a regulation. Some have the feeling that the Commission is seeking to push its regulation through forcibly, according to one source.
There is also perceptible distrust about the Commission's intentions on the subject of the famous “delegated acts”, the other point on the agenda for discussion by the Cypriot Presidency. Using this technical instrument, established by the Lisbon Treaty, the Commission is able to adjust certain aspects of a legislation without having to renegotiate the text completely. In its January regulation on personal data, it had thus proposed it be used in 46 cases, essentially those involving the adjustment of legislation to technological innovation or a new type of service (such as Google Street View). The member states consider the Commission goes far too far with its 46 kinds of acts. Also, although the Commission has sought to give reassurance that it will not be a question of essential elements of the proposal, member states wish to be quite clear about it and took a stance on Tuesday for a case-by-case study of the areas in which the Commission wants to use delegated acts. The question is less technical than it would appear and even raises a number of challenges. A representative from one of the large countries asked how one could be certain that “the Commission will be able to detect and react to technological changes”. (SP/transl.jl)