Privacy Advisor

EU Regulation Roundup: Move Toward Business-Friendly; May Be No Vote until December

June 7, 2013

By Sam Pfeifle
Publications Director

In a meeting of justice ministers from the 27 European Union member states yesterday, The New York Times reports that an agreement was reached on a “business-friendly proposal” for the contentious EU data protection regulation that would take a risk-based approach to regulating companies that gather data.

Part of a proposal by the Irish presidency, which contained a number of ideas that some privacy advocates saw as concessions to business lobbyists, the risk-based language was one of the few points where agreement was reached. Debate continued on moving from “explicit” consent gathering to “unambiguous” consent and how to balance the right to privacy with “the right to do business.”

However, the right to be forgotten was deemed contentious enough to be avoided in discussion at the meeting altogether.

And while some saw these concessions to business as overly onerous—including Viviane Reding, the union’s justice commissioner, and the ministers from Italy and France—others felt the concessions didn’t go far enough. Chris Grayling, the British justice secretary, is described by The Times as saying “the rules were still overly burdensome for European businesses, along with United States technology giants.”

However, it can’t be said that hard work isn’t being done. Information Age reports that Reding commended members of working groups for actually sleeping in tents so as to maximize time available for working on the regulation. At the same time, she used strong words in defending her original draft: "I count on the European Parliament and on the incoming Lithuanian Presidency to resist, alongside the commission, all attempts by those who are still trying to weaken data protection standards in Europe.”

Further, the EU Observer quotes Reding as being very much opposed to talk of weakening the consent language. “Explicit consent is fundamental in building trust,” Reding told ministers at the meeting. “She described council’s decision to revert to unambiguous consent as ‘extremely ambiguous,’” the Observer reports. “‘We need to make clear that staying silent is not the same as saying ‘yes’,” she said. Reding drew a red line by saying the draft regulation cannot become weaker than existing laws.” (You can find a direct statement from Reding here.)

The same story reports on work by MEPs to negotiate on Parliament’s current regulation draft. Any number of sticking points, including language about “legitimate interests,” have MEPs anonymously predicting that the regulation is now unlikely to get a vote by early July and that it may come as late as December at this point.

Read More By Sam Pfeifle:
Lane Powell LLC Launches Privacy and Data Security Practice
Budget May Stop Maine Bill Requiring Warrant for Geodata
How To Do Social Media in Healthcare with Privacy in Mind
Stoddart: PIPEDA Needs Reform To Bring Enforcement Powers