The Parliament.com, 22/10/2013
The European parliament's civil liberties, justice and home affairs (LIBE) committee has backed a package of proposals aimed at introducing sweeping reform of EU data protection rules.
MEPs in the LIBE committee voted on more than 4000 compromise amendments – on Monday evening in Strasbourg – to the highly controversial legislation.
The package – a data protection regulation and a directive on data processing in law enforcement – were steered through the committee by Greens/EFA deputy Jan Albrecht and S&D deputy Dimitrios Droutsas.
The result saw MEPs insert stronger safeguards for data transfers to non-EU countries as well as plans to introduce an explicit consent requirement and a right to erasure.
Albrecht: Breakthrough for data protection rules
Albrecht called the vote a “breakthrough for data protection rules in Europe,” adding that the outcome ensured that “they are up to the challenges of the digital age”.
“This legislation introduces overarching EU rules on data protection, replacing the current patchwork of national laws.”
“MEPs have voted to make clear that it is exclusively EU law that applies to EU citizens' private data online, regardless of where the business [that is] processing their data has its seat: the data of EU citizens cannot be transferred to third parties without any legal basis in EU law.”
“Today's vote would also ensure that citizens can truly exert control over their personal information online.”
“Parliament now has a clear mandate to start negotiations with EU governments. The ball is now in the court of member state governments to agree a position and start negotiations, so we can respond to citizens' interests and deliver an urgently-needed update of EU data protection rules without delay.”
Albrecht also called for EU leaders to make a statement on the issue during their summit in Brussels later this week.
Droutsas echoed Albrecht's comments, saying, “The protection of European citizens' personal data remains a key issue for us. [EU] member states must move fast now. It is their turn to act.”
Reding: An important moment for European democracy
The European commission welcomed the vote as a strong endorsement of its package of proposals, and an important signal ahead of negotiations with EU member states.
Responding to the vote, EU justice and fundamental rights commissioner Viviane Reding said, “Tonight's vote is an important moment for European democracy. The European parliament has just given its full backing to a strong and uniform European data protection law that will cut costs for business and strengthen the protection of our citizens: one continent, one law.”
ALDE spokesperson on the reform package, German deputy, Alexander Alvaro said that, “Although the final text is not perfect on all counts [we] ensured that there will be more transparency via new standardised icon-based information requirements and a new European data protection seal system.”
“Our aim with the reform is to modernise European data protection law in a way that allows consumers to continue having trust in technological advances as well as in their own ability to determine how their personal data is processed. At the same time, we want to create a transparent and crystal clear legal framework that allows Europe's digital SMEs to thrive”.
British ALDE member Sarah Ludford said she was, “extremely proud of the crucial leading role played by the ALDE group in our determination to secure a balanced text. We fought harder than any other political group for a regulation which guarantees high substantive privacy rights for citizens while permitting modern technological development which will benefit customers.”
In't Veld: strong negotiating mandate
Dutch ALDE deputy Sophie in't Veld said, the result gave the parliament a “very strong mandate to negotiate with EU national governments”.
“Member states are extremely reluctant to adopt any rules on data protection for police, judiciary or secret services. But, if anything, recent revelations have demonstrated the urgent need for the use of personal data to be bound to very clear and tight rules.”
ECR group shadow rapporteur Timothy Kirkhope also highlighted that the committee's vote “opens the way to further improvements in the draft law when MEPs begin negotiations with national governments”.
British conservative MEP Kirkhope argued that there were prescriptive elements in the compromise package that his group could not support, such as an arbitrary €100m maximum fine for breaches of data protection rules, which he warned would be crippling for small businesses.
“We have sought to play a constructive role in the passage of the new data protection regulation. The last data protection rules were drafted before most people had access to the internet so they are sorely in need of an update.
“We want the new regulation to put in place a broad set of principles that will create a level playing field in the EU single market, and ensure greater clarity around the rights and responsibilities of people when it comes to their personal information.
GUE/NGL group deputy Cornelia Ernst welcomed the committee outcome, saying, “This vote paves the way to ensuring a high level of protection for EU citizens,”
“The revelations by Edward Snowden have had a major impact on the discussions on data protection and boosted calls for more rigorous data protection standards. Therefore MEPs have done their duty in listening to those calls today.”
“The GUE/NGL group pushed hard during these negotiations to strengthen the data subject's rights in cases of profiling, to boost transparency, to restrict access of certain data, to tighten the rules on data transfer to third countries, and for the 'right to erasure'. Now we will take the fight to the council.”
Initial stakeholder responses were mixed, with the industry coalition for data protection (ICDP) calling for “considerable improvements to the adopted text”.
ICDP: Legal certainty for business
“ICDP is fully committed to this reform effort and to helping the European institutions deliver a regulation that will protect EU citizens' personal data, create legal certainty for enterprises, and allow businesses and consumers to leverage innovative digital tools and solutions,” said Chris Sherwood, head of public policy for the Allegro Group, speaking on behalf of ICDP.
“However, given the complexity of this dossier, considerable discussion still is required to achieve a practical, future-proof text that will provide meaningful rights and obligations and support growth of the digital economy in Europe.”
President of the standing committee of European doctors (CPME) Katrín Fjeldsted, acknowledge the “tremendous work done by members of the parliament on one of the most challenging piece of EU legislation”.
However, she added, “I am however truly disappointed with the outcome of the vote when it comes to health and medical data.”
“It is absolutely stunning how MEPs sacrificed medical ethics by waiving the obligation for a researcher to fully inform an individual of the research characteristics before he gives his consent. This goes against all internationally agreed ethical standards and will – in the long run – surely question the integrity of medical research.”
“In addition to this, the adopted text does not foresee any exemption to the right to be forgotten for purposes of preventive or occupational medicine, medical diagnosis, provision of care or treatment or the management of healthcare.”
“In other words, doctors might simply no longer be able to access their patients' medical records, while this is a matter of saving lives. This is extremely dangerous and will with no doubt harm patients sooner or later.”
BEUC: Rules need to stand the test of time and technology
Monique Goyens, the director general of European consumer group BEUC, said the proposed data protection package had taken on even greater importance following the recent Prism/Tempora scandals.
“It is of fundamental importance to reinstate the meaning of the word 'personal' in the global data debate. The basic right to privacy is being entirely diluted in today's flash floods of data. So we need to enact and enforce EU laws which will properly stand the tests of time and technologies.”
“People are looking to European lawmakers to ensure EU data protection standards are rebuilt. We are encouraged by MEPs' cross-party, strong stance on the central issues so far.”