LUXEMBOURG – EU justice ministers meeting for the first time since revelations of US spying on Europeans, agreed on Monday that new data protection laws were needed but disagreed on how to proceed.
“Data protection reform is one of the most important pieces of EU legislation under discussion. PRISM was a wake-up call,” said Poland’s Michat Boni, referring to outrage earlier this year over reports of covert surveillance programmes run by the US National Security Agency in Europe.
“Our citizens need to be sure the state cares about their privacy,” Boni told his 27 counterparts at talks on a proposal by the EU’s executive to streamline data protection under a “one-stop-shop”.
It wants monitoring of firms or internet platforms that collect data across borders, such as Amazon, Google or Facebook, to be placed under a single regulator, the supervisory authority of the member state where it has its main office.
The proposal by EU Justice Commissioner Viviane Reding aims to cut red tape and speed up decision-making under a single set of rules aimed at bolstering Europe’s digital business, expected to be worth a trillion euros by 2020.
Complaints could be taken to the national authority.
“Companies will need one authorisation, not 28, there will be one rule and one law, not 28,” Reding said.
Prism was a clandestine surveillance programme operated by the US. Its existence was leaked earlier this year by American intelligence contractor Edward Snowden.
Ministers approved the thrust of the European Commission proposal but there were sharp differences on key questions, such as how to enforce the law Europe-wide and impose sanctions.
France called for joint decision-making between national supervisory authorities but Irish minister Alan Shatter, whose country plays host to most major US online stores and platforms, countered any such idea.
“It’s very important that we don’t water down the European Commission proposal,” he said. “We must avoid adding more complexity and bureaucracy.”
Germany on the other hand suggested creating a European Data Protection Board and giving it strong powers over national bodies.
But that suggestion was opposed by Britain, Denmark, Ireland and Sweden.
“There is still a lot of work to do,” said Britain’s Chris Grayling, who has repeatedly warned against rushing through legislation targeting multinationals that could wind up hurting small data collection firms.
Reding wants data protection discussed at a European Union summit later this month and called for a final draft to be ready in December for approval at this year’s last EU summit.
“We will see if we can succeed,” said Lithuanian Interior Minister Juozas Bernatonis who chaired the talks.