Exclusive: EU sources say UK has little backing as it seeks to kill privacy regulation,whilst Viviane Reding bites back against British lobbyists
UK government officials who oppose European privacy laws are isolating themselves and will ultimately lose the struggle, EU sources familiar with the matter have told TechWeekEurope.
As we reported yesterday, UK officials from the Ministry of Justice have been working hard in Brussels to radically change planned privacy rules to give European countries more wiggle room in how they are implemented. The EU proposals include a Data Protection Regulation, which would have to be put into national laws immediately – the UK wants the system replaced with two “directives”, which are less rigid, and don’t stipulate exactly how laws should be changed in all the European states.
The UK, along with the US and a large number of businesses, including tech giants Amazon and Facebook, are arguing against proposals which would curb what businesses can do with their customers’ personal data, require them to get permissions, and impose serious penalties if they breach the rules.
Opponents of the Regulation argue that the proposals are “over-prescriptive”, and by restricting firms’ actions would harm the economy. They particularly object to planned fines of up to two percent of a company’s annual turnover for serious breaches of the law, and the “right to be forgotten” by asking for personal data to be removed. Facebook believes this will demand too much from Web firms, who will have to find and delete any user’s data placed on their sites when they are asked to do so.
Not all businesses are opposing the proposals. Using personal data to deliver better services is essential, but users will need assurance they can trust the firms handling their data, said Ronan Dunne, CEO of O2 Telefonica UK, in an article published by TechWeekEurope. Others may want to change the proposals, but are stopping short of the radical demands of Britain.
Few other bodies agree with the UK government’s aim to have the regulation torn up, and it faces an uphill struggle, our sources said. At a recent EU meeting, only the UK, Hungary and Denmark raised problems with having a regulation.
The EU Council of Ministers, one of the two EU co-legislators alongside the European Parliament, bases decisions on majority voting. To stop legislation going through, a blocking minority of 91 votes (out of a total of 345) is needed, and this seems unlikely.
Countries each have a fixed (weighted) number of votes; the UK has 29, and adding the smaller blocks from Hungary and Denmark would only make 48 votes.
The UK is “far from [achieving] a blocking minority”, a source said. “I don’t see it as a possibility to reverse the architecture of what has been proposed.”
According to the European Commission, UK businesses are actually keen for a regulation, and if the UK got two directives instead, it would bring further complexity.
A letter from EC vice president Viviane Reding, who is leading the charge on the changes, to justice minister Chris Grayling MP, outlined why the Commission disagrees with the UK on the claims the Data Protection Regulation would be damaging for businesses.
In the correspondence, dated 8 March and seen by TechWeekEurope, Reding states a regulation “is the appropriate instrument for this endeavour”. “The regulation will open up the EU’s digital market. It meets the expectations of business, including SMEs, to have a true digital single market with one single law for data protection,” Reding wrote.
“Without a regulation, we would continue to have an inconsistent patchwork of 27 different laws, which entails huge legal costs for firms who simply want to do business in the single market.
“I am surprised to learn that it would be the intention of the UK to introduce a new layer of complexity, cost and risk of non-compliance, by having one set of obligations for domestic operations and one for cross border operations.”
UK not on board
It appears the UK has not been forthcoming in offering ways to improve the regulation either, as Reding concluded her letter: “At our meeting 13 February, I requested that the UK make concrete suggestions as to the way in which the proposed regulation could be amended in order not to impose an unnecessary administrative burden on business. I reiterate this request.”
There is a disagreement on the economic benefits of the changes too. According to the UK, the regulation and directive could cost the UK as much as £360 million per annum, whilst regulator the Information Commissioner’s Office (ICO) will have to find another £42.8 million.
But the EU says there will be a shared benefit for member states of €2.3 billion per year, thanks to administrative savings.
Reding has been on the offensive against lobbyists, claiming earlier this month the “scaremongering” businesses and governments wanting to water down the proposals would not succeed.
In the coming months, it is expected the UK and EU will continue to be at loggerheads over the laws, which will play a major role in determining the level of privacy European citizens can enjoy.
Are you a pedant on privacy? Try our quiz!