EU states agree to overhaul regulation of data protection

Agreement on common position means final deal is expected before the end of the year

Minister for Data Protection Dara Murphy said that while Ireland would have preferred stronger filters to reduce and qualify what type of cases could be taken to an appeal board, he was happy with the two-year review clause in the proposal.  Photograph: Daragh Mac Sweeney/Provision
Minister for Data Protection Dara Murphy said that while Ireland would have preferred stronger filters to reduce and qualify what type of cases could be taken to an appeal board, he was happy with the two-year review clause in the proposal. Photograph: Daragh Mac Sweeney/Provision

Negotiations between European Union member states and the European Parliament will begin as early as next week ahead of sweeping new data-protection regulations, as the EU's 28 countries agreed in Luxembourg yesterday to overhaul 20-year-old rules.

"I am very content that after more than three years of negotiations we have finally found a compromise," Latvian justice minister Dzintars Rasnas said.

“The new data-protection regulation, adapted to the needs of the digital age, will strengthen individual rights of our citizens and ensure a high standard of protection.”

The agreement on a common position on EU data law means a final agreement is expected before the end of the year, with Luxembourg, which takes over the presidency of the EU from Latvia next month, pledging to prioritise the issue in the coming months.

READ MORE

Erasure of data

The new laws will give citizens the right to enhanced data-protection measures, including the right to “erasure” of data in certain circumstances. They will also impose fines on companies found to be in breach of the laws, though details of the level of fines will be thrashed out between the

European Council

, representing member states, and the European Parliament.

Amid heavy lobbying, the proposal has also assuaged some concerns of those in industry – earlier proposals to introduce stringent data-protection responsibilities on small and medium-sized firms, for example, have been dropped.

Under the new rules, companies such as Google and Facebook, which have their European headquarters in Dublin, will continue to be regulated by the Irish data-protection commissioner though all EU citizens will have the right to bring data privacy complaints to data-protection authorities in their own countries under the "one stop shop" principle. Judgments made by national authorities can be referred to a new, EU-wide European board comprising data-protection authorities from all countries.

Minister for Data Protection Dara Murphy said that while Ireland would have preferred stronger filters to reduce and qualify what type of cases could be taken to an appeal board, he was happy with the two-year review clause in the proposal.

Criticism

Asked about recent criticism of Ireland’s data-protection regime from some member states, including

Germany

, he said Ireland would continue to regulate effectively the vast range of internet companies headquartered in Ireland.

“The fact that we have a very significant footprint of these businesses in our country doesn’t in any way undermine our ability to regulate them. In fact, the new regulation will have a pan-European set of rules for everybody – the rules will be very clear,” he said.

“We will be not found wanting at all when it comes to the regulation and the enforcement of these rules.”

Suzanne Lynch

Suzanne Lynch

Suzanne Lynch, a former Irish Times journalist, was Washington correspondent and, before that, Europe correspondent