European Data Protection Reform: A Never-Ending Story?

The proposal for the new European data protection regulation has been an issue for quite a while now – and now it seems as if that will be the case for longer than we hoped… Last Thursday, the council of ministers could not agree on mutual standards and the most important points in the data protection regulation.

Decision adjourned

Does this mean that the reform which was frequently discussed and changed in the last months since its first draft has been released in January 2012, will never be agreed upon?

We don’t know that. But due to the fact that the council of ministers is not the only body which has to give its consent – the European parliament needs to give his as well – it’s very likely that the decision about the proposal will be made in the next legislative period and not in this, as initially planned.

Criticism from European states

Some states – Germany, France, UK and some others – as well as the big internet companies are still not happy with the proposal. Many points need to be clarified, they say.

The “right to be forgotten” is one of those points. Big companies like Google are of the opinion that they are not responsible for the deletion of personal data of internet users and therefore such a right does not apply to them.

Of course, Viviane Reding, EU commissioner for justice, fundamental rights and citizenship, was not happy about the doubts and criticism.

“The data protection reform is too important, we can’t discuss it for too long”,

she said.

Germany fears lowering of data protection standard

Germany is one of the countries which have doubts about the content of the reform.

Important points are missing, politicians say. How to deal with cloud computing is one of those points. At the moment, cloud computing services in the US are a critical issue since the US does not have the same standard of data protection as Europe. When using those services, certain measures such as the conclusion of standard clauses of the European Commission or Safe Harbor certifications are necessary to secure the standard of data protection.

Due to the fact that Germany has a very high standard in data protection, politicians are afraid that those high standards might be lowered by the reform because data privacy regulation cannot only be found in the German Federal Data Protection Act (BDSG), but also in the codes of social law. Therefore, exception clauses are necessary, critics demand.

Silence and saying “Yes” are not the same things!

Of course, it was discussed again whether consumers have to consent explicitly to the processing of their data.

“Silence and saying “Yes” are not the same things”,

Reding said.

The reform: An expensive project?

Critics say that the reform means a financial burden for medium-sized companies as they have to have procedural directories and a data protection officer. That might cost jobs in Europe, they warn.

On the other hand, the EU Commission argues that the reform saves 2,3 billion Euro because companies only have to deal with the data protection authority of their country.

Protection of the citizen, not the companies

Reding emphasized that the regulation shall protect the citizens and not the companies.

The website „“ recently revealed that changes to the initial proposal came from lobbyists.

It’s not clear whether those lobbyists will prevail in all important points. But whatever the outcome will be: The current situation shows how much the reform and implementation of the regulation frightens the European countries – and, of course, the big American internet companies.

Please note that your comments will be published after review and approval by our administrator and not immediately after they have been posted. Please also see our Terms of Service and our Privacy Police.