With European data protection supervisors saying they are not ready for the proposed E.U. data protection law, multinationals such as Facebook and Google are being left to contend with 28 different legal frameworks to address the issue across the region.
The proposed law suffered a blow last Friday when the Council of Ministers failed to reach agreement on the controversial "one-stop shop" regulator. This proposal would allow multinational companies to deal only with the privacy regulator of the member state in which the company is established. This has particular implications for the Irish regulator where Google, Facebook and LinkedIn are registered.
Willem Debeuckelaere, chairman of the Belgian Data Protection Authority, said Wednesday that he was glad talks on the proposed Data Protection Regulation had stalled. He described the one-stop shop idea as "crazy". "We are not ready, not at all!" said Debeuckelaere. "I am happy that there are now a lot of problems."
But Ireland's Data Protection Commissioner Billy Hawkes said that in principle a one-stop shop is a logical idea, though he called it a "mixed blessing" from an Irish perspective."I wouldn't be viewing it with any great enthusiasm due to having to deal with all these tech companies in Ireland, but it is a shame talks have broken down over a mechanism rather than the principles of the law," he said
Under the current proposals, any E.U. citizen could complain about a company to their own data protection authority. But that authority would then have to refer the case to the authorities in the country where the company is registered.
The two authorities would then work together on finding a solution, but the company's home country would have the lead. There have been suggestions that the European Data Protection Board could, in some cases, have a coordinating role with the power to adopt binding decisions regarding corrective measures.
Back in October, the Council of Ministers had expressed its general support for the one-stop-shop principle, but changed its position last week largely due to pressure from Germany and Belgium.
Skeptics of the proposals claimed that the one-stop shop would promote "forum shopping" where large multinationals would establish themselves in member states with perceived weak regulators.
E.U. Justice Commissioner Viviane Reding, who proposed the law was annoyed at the setback. "Instead of moving forward, we have moved back. We are effectively reopening questions which had been agreed in October," she said.
It now seems extremely unlikely that the law will be passed before the European Parliament elections in May 2014.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.