There are encouraging signs momentum is building in the debate about reforming the EU’s Data Protection Regulation. In the past few weeks, while the European Council and Parliament have continued scrutinizing a proposal put forward earlier this year by the European Commission, stakeholders have been carrying on a robust public discourse about how best to protect consumers’ privacy while encouraging the growth of the digital economy.
At several recent cloud and privacy-related conferences, BSA has argued this cannot be a discussion about Europe alone. In the cloud computing era, privacy rules must be aligned globally so data can flow easily across borders. The real benefits of the cloud are in its potential for global scale. Right now, there are too many different rules standing in the way of the kind of trade in digital services we really need.
In recent months, rapporteurs from the Parliament’s committees on the Internal Market, Legal Affairs, and Industry have published their initial amendments to the Commission’s proposal. Encouragingly, many of these reflect improvements advocated by BSA and others, including introducing a more harm- and context-based approach to administrative sanctions and breach notification, and reductions in the Commission’s ability to mandate technological specifications. There also have been proposals to streamline administrative burdens and international data transfers.
Importantly, the Civil Liberties Committee, which has the lead on the dossier for the Parliament, is expected to present its draft amendments on the Commission proposal mid-January.
Meanwhile, the Council has begun putting forth its views on the draft. But progress has been stalled by concerns within Member States over the Commission text. Ireland, which takes over the Presidency of the Council in January, has indicated it intends to achieve political agreement by the end of its term in July 2013. That’s an ambitious time frame given the many concerns Member States have identified in the proposal.
There is no doubt a very active debate will resume in the New Year. While Europe’s privacy framework is certainly high on the list of priorities for industry and the European Institutions in 2013, we would caution policymakers not to push so aggressively that the timeline would not allow for thorough and thoughtful consideration of the ramifications on the digital economy.
A successful result will be a flexible and forward-looking privacy framework that looks beyond the boundaries of the single market and ensures European citizens and industry can participate in the global cloud computing market. It is essential we take however much time is needed to identify practical, workable solutions to achieve that.