Brussels, 17/10/2013 (Agence Europe) - Political momentum and as wide a political consensus as possible to complete the file before May 2014 - this is what Jan-Philipp Albrecht (Greens/EFA, Germany) hopes, whose report on the regulation reforming the 1995 directive on personal data will be put to the vote in Strasbourg on Monday evening. After months of work, the political groups held a final session of negotiations on Wednesday evening and a consensus was reached on a series of compromise amendments, Albrecht said on Thursday morning. This does not prejudge the outcome of the vote, however, and Albrecht is still cautious. Nevertheless, there is “a realistic chance that an overall agreement on the reform might come about before the European elections”. “This is an objective shared by all the groups”, he said.
Albrecht's much awaited report has tried to combine all the sensitive areas … and all the lobbying. However, although Albrecht had to make a few concessions - including on the ways of designating those in charge of data protection in a company, for which he would have preferred “stricter rules” - he did not take a single amendment weakening the rights of European citizens, he said. On the contrary, the text that has been negotiated provides for the strengthening of these rights, Albrecht states, and it should also supervise the transfer of data to third countries more strictly (if the Council follows) - an issue which has become very controversial since the Edward Snowden revelations.
Transfers of data, which were operated by companies (particularly North American ones) and mostly remained secret, will only be possible in the future if there is a legal basis or an agreement of mutual assistance between the two parties (there is currently an agreement but it is non-binding - the Safe Harbour agreement which simply depends on the good faith of the American companies). This proposal had been made by the European Commission then was withdrawn - to be recovered by the Parliament's political groups after the eruption of the Snowden affair. The regulation will certainly ban American companies from transferring European data to American services on the basis of the Patriot Act. Intelligence activities and everything related to national security will not, however, be covered by this regulation. Nevertheless, Albrecht hopes that “common European lines on this could be requested during the civil liberties committee report on the spying” of the American NSA or the British GCHQ.
Another pillar of the reform - the famous right to oblivion, which is dear to European Commissioner for Justice, Fundamental Rights and Citizenship Viviane Reding - proved impracticable on the technical level. “After a year of debate, it was not possible to have a common agreement”, Albrecht said on Thursday. The text therefore provides for a right to erasure of data when there is no longer need to use them. The long term retention of data will only be possible if it proves necessary for scientific or historical research, or for statistical studies or public administrations - for example, health services - or for principles of freedom of expression or of the press. The person responsible for data will then have to take “all the reasonable measures” to proceed with this elimination. The compromise that was reached does not venture into detail and remains rather concise on the processes of erasing the data - even if every copy of these data will have to be erased. As regards informing citizens, the contexts according to which data are handled will have to be indicated “electronically, in clear language, freely and quickly”, Albrecht states.
On the appointment of staff responsible for data protection within a company, it would be obligatory to appoint such a person from the time when the data of over 5,000 customers or citizens are handled. An approach based on the risk generated by the activity was taken into account - “the baker on the corner of the street” presenting a minor risk for personal data, said Axel Voss (Germany), the rapporteur for the EPP.
Other key points of the reform are that the sanctions imposed on non-obliging companies will be able to rise to billions of euros for a large company, Albrecht explained, and that the consent of citizens for the use of their data will have to be given explicitly. For example, Google+ profiles should not be able to be created except if the internet surfer has stipulated in the confidentiality parameters that he accepts this page of Google. Google currently imposes this window on any user of its services, such as its messaging service. Replacing the very long general conditions (which are often not read because they are so long) with standard symbols should enable one's agreement or rejection of his data use. In addition, the directive dealing with data handling in the police and judicial framework is also due to be put to the vote in Strasbourg on Monday evening - during a session which some are already predicting will be very long. If all goes well, the negotiations with the Council could be started quickly. (SP/transl.fl)