Brussels, 04/12/2014 (Agence Europe) - As expected, the Justice ministers of the Twenty-Eight reached an agreement, in Brussels on Thursday 4 December, on a partial general approach on the “public sector” and chapter 9 planks of the general regulation reforming the European data protection rules. This move takes another step towards the finalisation of the reform, which was started in January 2012, and makes a global agreement possible under the Latvian Presidency. However, the ministers still differ considerably over the one-stop-shop mechanism. Aiming to make life easier for business and reinforce the rights of European citizens in the event of a dispute with a company, it is the subject of reservations on the part of Ireland, the United Kingdom and Sweden, and more work will be needed.
On the public sector and chapter 9, regarding the treatment of data for specific sectors of activity, such as research and the press industry, the Italian Presidency succeeded in rallying a majority of member states behind its proposals. For the public sector, the social security and health administrations, for example, the member states will be able to bring in their own national provisions, which will aim to give them greater flexibility in applying the regulation and will also allow them to practise higher standards.
This requirement for flexibility for the public sector has long been a demand made by Germany and the German minister, Thomas de Maizière, welcomed a compromise he described as “acceptable to Germany”. Amongst other things, it will aim to make it possible to keep medical or social data to allow the administrations to do their jobs properly. The minister also welcomed the Presidency's intention of avoiding duplications between the regulation and the directive on the processing of personal data in the framework of police and judicial cooperation. He also called for all matters related to policing to be withdrawn from the regulation.
The United Kingdom, Spain and France are also among the countries which gave their unstinting support to this general approach, but a number of delegations, such as the Czech Republic and Slovenia, struggled to do the same. Prague “would like more flexibility” for the public sector and, along with countries such as Austria and Hungary, called for a “minimum harmonisation clause”. Prague was, however, able to give its blessing. Slovenia, on the other hand, declined to support the compromise, as it is opposed to the paragraph in chapter 9 on the freedom of expression, for which it wanted a broader scope of application.
Under the compromise hammered out by the Italian Presidency, the treatment of personal data for the purposes of journalism or academic, artistic or literary expression “should be the subject of derogations or exemptions to certain provisions of the regulation, if necessary, to reconcile the law on the protection of personal data with the law on the freedom of expression and of information”. These provisions should apply in particular to audiovisual, press archives and press libraries.
Hungary also chose to distance itself from the partial general approach, on the grounds that it is “one of the countries with a higher level of data protection than that laid down by the regulation”. “We do not wish to reduce the level of protection in place in our country, we have already stated this”, the Hungarian representative stressed. This handful of national reservations was not enough to block the partial general approach, which was noted by Minister Andrea Orlando after the discussions.
More work needed on one-stop-shop
Things turned out to be slightly more complex for the one-stop-shop mechanism, although there are indications that this plank of the reform may move forward under the Latvian Presidency.
The one-stop-shop aims to allow businesses to deal only with the data protection authority of the country in which they have their main headquarters and to rationalise decision-making in the event of a dispute with a business whose practices concern nationals of more than one member state. The initial proposed reform aimed, amongst other things, to make the national authority where the company has its registered headquarters solely competent for the decision to be applied to other national regulators concerned. Additionally, they sought the best means to reach a balanced solution, taking on board all of the concerns of the other national regulators.
Fairly early on, the member states expressed concern at having this decision taken out of their hands and, in December 2013, went as far as to accuse the European Commission's proposal of undermining the level of protection of Europeans by preventing them from approaching their own national authority to make a complaint.
It was on this concern of “proximity” between the citizens and the local authorities that the Greek and Italian Presidency's focused their work and the Italian proposal debated by the ministers on Thursday sought a fair balance. It stipulates that the national authorities will be associated with the lead authority on a dossier in preparing the decision, and that a European arbitration committee, the 'European data protection board', will intervene only in the event of a disagreement over a decision between the regulatory authorities concerned in a single dispute.
A number of countries want this board to have a legal personality and binding powers. France, Belgium and Finland are in this camp, although “there are questions which require more work, notably on the recourse against decisions made by this board”, France explained. However, other countries, such as Ireland, the United Kingdom and Sweden, are not in favour of this 'board', arguing that it will create more problems than it will resolve. Ireland is against a legal personality for the board. Sweden argues that it is “important that the decisions of the national authorities are not threatened. So we feel that there is still some work to be done”. The United Kingdom fears that the creation of this board will bring about “an accumulation of appeals and legal proceedings”. (SP)