An important vote on the future of the European Union's privacy laws has been delayed again.
On Monday, the civil liberties committee of the European Parliament met to discuss the latest draft of Europe's Data Protection Regulation. German member of parliament (MEP) Jan Philipp Albrecht, who is charged with steering the legislation through to the final vote, explained that although several meetings have been held and some agreements have been reached, more rounds of discussions are still needed.
Therefore the committee will not be able to vote on the draft on May 29 as planned. Albrecht said he believes that compromises can be adopted with a broad consensus and that a vote is still possible before the summer recess in July.
Ireland, which currently holds the E.U. presidency, is very keen to see a vote at the member state level before the end of its presidency on July 1. However this is only possible after the Parliament as a whole has voted, something it will not do until it has heard from the civil liberties committee.
The proposals for the overhaul of the E.U.'s data protection laws come from the European Commission. The original laws date from 1995, and need to be updated for the Internet Age.
The plan is to create one directly applicable regulation to replace 27 different national data protection and privacy laws. The commission says the exercise would save industry €2.3 billion (US$3 billion) annually. But in an effort to reach some sort of consensus, more than 4,000 changes to the draft text have been put forward in Parliament.
Speaking to the committee on Monday, Dutch MEP Sophie In't Veld said she was still worried that some member states want public services removed from the regulation. Sources say that Germany in particular is keen to have public services fall under a directive (which can be interpreted as national authorities see fit) rather than a regulation, which must be uniformly implemented in all countries.
In't Veld emphasized that public services should remain within the scope of the regulation. In 2011 European Data Protection Supervisor Peter Hustinx made the same point. "A single legal text avoids the risk of discrepancies between provisions and would be the most suitable vehicle for data exchanges between the E.U. level and the public and private entities in the member states," Hustinx said in a statement.
Another Dutch MEP, Wim van de Camp, said that the new regulation must cut red tape in terms of documents for small and medium businesses; clarify the responsibilities of controllers and processors; enable the use of data for existing business models, insurance companies and research; and ensure the proposals regarding data portability and "the right to be forgotten" are practically feasible.
In a published statement, digital rights group La Quadrature du Net said that as it currently stands, the regulation would significantly strengthen citizens' rights. But it added that in response to the Commission proposal, "powerful companies, mainly based in United States (banks, insurances and Internet services), have led an unprecedented lobbying campaign."
"Their goal is to make withdraw from the final version of the Regulation those proposals aimed at protecting citizens' personal data. Before this vote, we have to make certain that civil liberties MEPs will not break under lobby pressure," said organization spokesman Jérémie Zimmermann.