Brussels, 22/10/2013 (Agence Europe) - They had feared a marathon vote but in the end they wound the affair up in just 40 minutes. On Monday evening, MEPs from the European Parliament's civil liberties committee widely supported strengthening European personal data protection rules and gave the two rapporteurs - Jan Philipp Albrecht (Greens/EFA, Germany), responsible for the general regulation, and Dimitrios Droutsas (S&D, Greece), responsible for the criminal framework directive - a clear mandate to negotiate with the Council (51 votes in favour, one against and three abstentions for the regulation; 47 votes for, four against and one abstention for the directive). In the thick of the storm created by Prism and other scandals linked to tapping by the US National Security Agency (NSA), the MEPs put up a united front to ask the Council, and even the heads of state and government this Thursday, to finish its work before the end of the legislature. In the view of European Commissioner for Justice, Fundamental Rights and Citizenship Viviane Reding, this vote is nothing less than a “statement of independence” made to the US and she called on the 28 EU member states for a “strong signal”. In Albrecht's opinion, given in a press release, “Germany's Chancellor Angela Merkel will have the responsibility [on Friday] of putting into practice what she expressed on this subject during her electoral campaign and to make adoption of the general regulation on data protection the fundamental objective of the EU member states”.
The new rules that the civil liberties committee wants should strengthen Europeans' control of their data - through, for example, the right to erasure (the principle of the right to oblivion was considered too rigid and complex and was discounted), better information on the way their data are handled, and rights to appeal. However, the most sensitive subject at the moment relates to the possibilities of transferring Europeans' data to third countries. These transfers can only take place under a solid legal basis, such as an international agreement or a treaty of mutual assistance. This section of the reform would thus prevent search engines such as Google, a social network such as Facebook or a provider of IT cloud services from being able to transfer Europeans' personal information.
As regards sanctions, MEPs went much further than the Commission in January 2012 which limited itself to a maximum sanction of 2% of global annual turnover. For the MEPs, this is now 5%.
With regard to appointing a person responsible for data protection within companies, this post will be obligatory from the time that the data of over 5,000 clients/users are handled. However, the nature and the potential risk of the activity will be taken into account.
Regarding explicit consent, an organisation or company could handle personal information only after obtaining the explicit authorisation of the person concerned, who could go back on this consent at any time. The consent would correspond to “any demonstration of will, free, specific, informed or explicit, by which the person concerned accepts, by a statement or by a clear positive act” the handling of his personal data. Going back on his consent must be as easy as giving it.
As regards profiling (used to analyse the professional performance of a person, his economic situation, his location or his health, for example), the MEPs set limits. Profiling would only be allowed if the person concerned gave his consent, if the law provides for it or if it is necessary for the execution of a contract. “What is more, such a practice should not lead to discrimination or be based solely on the automatic handling of data” (our translation throughout).
The report also focuses on the role of national data protection authorities (DPA) and the coherence mechanism. Like the Council, Albrecht wanted the final decision - in the case of dispute between the different DPA - to be up to the European data protection committee or European board, and not to the Commission, as the Commission had suggested.
The Parliament's main political groups welcomed the vote, for which they partly attributed the merit to themselves. In Axel Voss' view (EPP, Germany), the Albrecht report clearly carries the mark of his party, he said on Thursday. This is also an S&D victory, whose broad principles were adopted by the committee, the S&D Group states in a press release. A slight damper to the concerted praise came from Sophie in't Veld (ALDE, Netherlands), who said that these rules do not plug “the holes” in European legislation that were brought to light by the Snowden scandal. And the true improvement for Europeans will be gauged by the strict application of the rules - both by member states and by the European Commission, she said in a press release. in't Veld said that the Commission could already have protected Europeans effectively with the current instruments if it had wanted to. (SP/transl.fl)