Pan-European data protection agreed despite Irish concerns

European Union ministers agreed to the creation of a pan-European data-protection body on Friday despite concerns from Ireland, the UK and the Netherlands that the new regime may be overly cumbersome in relation to business.

In a key meeting on the EU’s new data-protection legislation, ministers from the 28 EU member states signed up to the new “one-stop shop” model which will allow citizens to file complaints about data privacy issues in their country of residence, rather than in the country where technology companies are headquartered.

But the new system – which will have a major impact on the way US companies such as Google and Facebook are regulated – will also allow citizens and third-parties to appeal virtually any decision to a pan- European body called the European Data Protection Board, fuelling concerns that the appeals system may be overly complex.

The original proposal, announced by former EU Commissioner Viviane Reding in January 2012, was supposed to streamline the data regulation process for companies and citizens.

The issue of data protection is of particular relevance to Ireland. Because 29 of out of 30 of the world’s largest data companies have their headquarters in the country, the Irish Data Protection Commissioner (IDPC) effectively regulates data issues for those companies’ operations throughout the EU.

Lenient attitude

Germany has criticised Ireland for what it perceives to be its lenient attitude towards data privacy, a view reiterated on Friday by German interior minister Thomas de Maizière

, who appeared to compare Ireland’s approach to data protection to the regulatory policies that led to the banking collapse.

“We don’t want to have the same disaster like we’ve seen in the financial system a few years ago,” he said.

Minister of State Dara Murphy has strongly defended Ireland's record on data protection, pointing out that the IDPC has undertaken a number of "tough audits" of Facebook, while the Government already doubled the funding for the office of the commissioner in last year's budget.

While EU ministers on Friday signed up to the one-stop- shop principle – a key element of the data protection legislation – other parts of the regulation have yet to be agreed.

The Latvian presidency of the Council of the European Union also suggested on Friday there could yet be changes to the one-stop-shop mechanism, when ministers return to the issue in June. "The results we have achieved are the best possible for this moment, for March," Latvia's justice minister Dzintars Rasnacs said on Friday, adding that the presidency had taken note of the "many proposals" that had been raised during the meeting.

“We do not exclude the possibility of improving the text before June,” he said.

NSA surveillance revelations

The EU is facing calls to finalise data-protection legislation, which was last updated in 1995, when mobile phones and internet technology were in their infancy. But the issue is a contentious one, caught between the interests of US multinational tech giants such as Google and Facebook, and countries such as Germany and Austria, where data privacy is a major public concern, particularly since the revelations about NSA surveillance last year.