Privacy, National Security Tension Puts EU Harmony at Risk

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Stephen Gardner

Dec. 1 — Tension between European Union privacy advocates and those seeking broader access to data to fight crime and terrorism may be negatively affecting the implementation of the bloc’s new privacy regime, EU Justice Commissioner Vera Jourova said Dec. 1.

The EU General Data Protection Regulation (GDPR) should be implemented in a harmonized way in the 28 EU countries, but “we are in general now in a very difficult period” for data protection, Jourova said at the European Data Protection and Privacy Conference in Brussels.

Harmonization of EU privacy regulatory oversight and enforcement is of keen interest to multinationals doing business in Europe—including U.S. technology giants such as Facebook Inc. and Alphabet Inc.'s Google—that are looking to avoid the patchwork of compliance obligations in the 28 individual EU countries. The GDPR, which takes effect in May 2018, was adopted with that harmonization goal in mind.

EU officials are working to preserve the harmonization goal and will be issuing guidance on those aspects of the GDPR where countries are allowed some discretion, Jourova said. In preparation for the GDPR, Jourova said it was the job of the European Commission, the EU’s executive arm, to offer a “proper balanced reaction” in the face of pressure for more government access to data, while there were also competing pressures in favor of a very strict interpretation of privacy rights.

In parallel, the Article 29 Working Party of EU data protection commissioners is also preparing guidance aimed at ensuring consistent application of various aspects of the GDPR.

Giovanni Buttarelli, the European Data Protection Supervisor, also speaking at the Brussels conference, said that the Art. 29 Working Party would meet Dec. 12-13 and would issue a “suite of forward-looking guidance documents.”

Jourova said it is of “utmost importance” that privacy regulators should allow scope for feedback on their guidance so there is a “reality check” on what they put forward.

EU West Versus East Mosaic

EU countries are an “interesting mosaic” in terms of differing emphases on privacy and national security, Jourova said. These differences translate into the enforcement authority given to privacy regulators in each country that will be on the front line in enforcing the GDPR, she said.

In some countries, voter attitudes are tending to “push the pendulum towards a stronger state,” which could result in national security being prioritized over privacy, Jourova said.

She drew a distinction between western European countries where regulators “push hard to have a stronger right to privacy,” and former communist eastern European countries where the privacy “voice is weaker.”

Guidance Coming

The European Commission is meeting monthly with EU national authorities in an effort to coordinate the repeal of national data protection laws, she said.Those laws were adopted to legally transpose the 1995 EU Data Protection Directive (95/46/EC) into national law. As a regulation rather than a directive, the GDPR has direct effect on the EU’s 28 member countries.

Nevertheless the GDPR leaves a number of issues to the discretion of national governments, including the balance between privacy and freedom of expression in the media, data protection rules in relation to employment law and the minimum age at which data subjects can consent to the processing of their data.

These variables are “rather problematic,” and “measures taken at national level must not lead to any fragmentation,” Jourova said.

The commission expects to issue guidance on the transition to the GDPR by mid-2017, Jourova said.

Jourova said it is of “utmost importance” that privacy regulators should allow scope for feedback on their guidance so there is a “reality check” on what they put forward.

To contact the reporter on this story: Stephen Gardner in Brussels at correspondents@bna.com

To contact the editor responsible for this story: Donald Aplin at daplin@bna.com

Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law Privacy and Data Security