PERSONAL DATA PROTECTION : COUNCIL REWRITES DRAFT REGULATION.

Discussions are moving forward, but with a clear determination to modulate and relax the future rules on the protection of Europeans' personal data, particularly online data. "On the question of whether the appointment of a data protection officer in companies should be optional, the answer is largely yes'," said Ireland's Justice Minister Alan Shatter after a debate by the 27 justice ministers, meeting in Council on 7 March in Brussels. By doing away with this obligation for companies to appoint a data protection officer, the Council would attack a pillar of Justice Commissioner Viviane Reding's star proposal. But several states find far too prescriptive certain aspects of the reform, which would also require companies that use personal data for commercial purposes, like Google, Facebook and Microsoft, to obtain users' consent.

The Irish EU Presidency still hopes to secure an initial political agreement on the proposal before the end of its term of office (end of June). For this first substantive debate, it raised the question of the data officer. Some countries are totally opposed to this measure. "There is a real danger in making it mandatory, especially for SMEs. It would cost up to 200 million for the UK alone," argued British Minister Chris Grayling. He wrote a letter to Reding denouncing the potential cost of the reform. She replied that the Commission was trying to strengthen the single market, exactly as demanded by Prime Minister David Cameron.

Germany, where data protection officers are already mandatory for the companies most concerned, argued in support of the system. However, it also noted that the system could be optional at EU level. The Commission's aim, though, is precisely to put an end to this patchwork of national rules.

WHAT LEVEL OF RISK?

Given the danger of the initiative being scuppered, the Commission will try to hold its ground. It can agree to a less prescriptive regulatory approach based more on risks to data in terms of the company processing them. The Presidency suggests, for example, that high, medium and low levels of risk could be defined. "The key word should be simplicity. We are not here to create a toy for lawyers for multinationals," warned Reding, who refuses to see firms able to dodge the new obligations due to a lack of legal certainty.

According to the commissioner, the Irish idea of requiring all companies, including SMEs, to demonstrate their level of risk would paradoxically create much more...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT