European Commission could change data protection laws as technology and attitudes alter

Out-Law News | 30 Jul 2012 | 8:00 am | 2 min. read

The European Commission could be given the power to change data protection laws in the future in order to respond to advancements in technology, according to a report by a news agency.

Reuters has reported that Sweden and a number of other EU member states have managed to obtain an agreement during negotiations over EU data protection reforms that would allow the Commission to "adapt the rules as technology and attitudes towards data protection change".

The agreement was made at a meeting of the Council of Ministers in Cyprus earlier this week, the news agency said in its report

"For us it's important that we have legislation that is of course detailed enough to give protection to citizens, but that is also applicable for a longer period of time," a Swedish official said, according to Reuters.

The European Commission's draft General Data Protection Regulation was one of two legislative texts around data protection the Commission proposed in January and, if enforced, would introduce a single data protection law across all 27 EU member states. Companies that process personal data of EU citizens from outside the borders of the trading bloc would also be subject to the rules.

Germany is one of the countries opposed to the creation of a single data protection regime, but Reuters has reported that the country made some concessions around that issue at the Council of Ministers negotiations. In return, Germany won more freedom in how the Regulation's rules should be applied, according to Reuters.

Germany had wanted its public sector organisations to be exempt from a requirement to make information they store more accessible, but other countries currently have a more open policy around public data access.

"As far as certain member states do already have a stricter regulation for certain areas of the public sphere, the new legislation should also give member states the possibility to preserve these differentiated levels of data protection," EU Justice Commissioner Viviane Reding said, according to the Reuters report.

In June the Council of Ministers outlined some revisions it had made to the Commission's original draft Regulation.

A Government spokesperson told "The Government wants to see EU data protection legislation that protects the civil liberties of individuals, while allowing for proper public protection, innovation and growth. These should be achieved in tandem, not at the expense of one or the other."

"The processing of personal data should be founded on the principles of necessity and proportionality, appropriate data protection safeguards and appropriate data protection oversight. The Government will negotiate for a position that does not overburden business and law enforcement agencies, at the same time ensuring personal data is protected," the spokesperson added.

Business bodies in the UK have complained that the Commission's proposals were "unworkable" and would "stifle growth and innovation"

The Government held a 'call for evidence' on the Commission's proposed reforms earlier this year and last month outlined its response. It said the Commission's assessment on the impact its draft Regulation would have on businesses does "not properly quantify the costs which would be imposed on business through compliance with the proposals."

It added that the Commission had also "potentially" overstated the benefits of creating a single data protection law to govern across the EU.

The Ministry of Justice said it would work to "try to better quantify the costs and benefits of the Commission's proposals on the UK economy" as well as seek "to better understand" the benefits of having a single-applicable data protection law in the trading bloc.