US technology giants from Google to Facebook are too big to be left in the hands of individual national privacy watchdogs such as Ireland’s Data Protection Commission, according to the European Union’s top data protection official.
Isabelle Falque-Pierrotin, who became head of a panel of EU privacy regulators in February, said it would be bad if proposed EU rules mean that “two or three countries take the lead on dealing with the big players and the others watch the trains go by . There has to be more substantial consultation between the authorities on topics such as Google or Facebook,” she said.
As negotiations between governments and European Parliament lawmakers drag on over how to revamp privacy rules, there are splits on whether regulators in countries where companies have their European headquarters should be in charge of complaints or whether privacy watchdogs in other nations could also deal with them or probe the companies.
One-stop-shop
The one-stopshop approach – where a lead role is given to regulators in the country where each company has its European headquarters – shouldn't sideline other agencies, said Falque-Pierrotin, who also heads France's CNIL data privacy agency.
Ireland’s Data Protection Commission said in a statement that it backed the concept of a ‘one-stop-shop’ for companies providing services in different EU countries. “We agree on the importance of the lead data protection authority working in close cooperation with other data protection authorities whose residents are impacted,” it said. Facebook, Apple and Linked have Ireland as their main European base for data-protection purposes,
A one-stop-shop needs “to balance the interests of companies, privacy regulators and most importantly European citizens,” said Sabina Gockel, a spokeswoman for Microsoft Corp. “It is a logical principle to work towards.”
EU justice commissioner Viviane Reding, heralded the one- stop-shop as a way to simplify procedures for companies and citizens alike when she proposed revamping the bloc's privacy law in January 2012.
One lead authority
While there will be one lead authority, it "does not mean that all powers are vested solely in that authority," she said. "Data protection authorities will be strengthened" by giving fining powers to all and they will "act as a team when dealing with cross-border businesses".
A one-stop-shop system will reduce red tape and “will support both larger companies like Facebook and smaller start-ups across many different sectors,” said Erika Mann, managing director for public policy at Facebook Brussels.
The 28 national regulators are grouped together under the Article 29 Data Protection Working Party, which France’s Falque-Pierrotin heads. The EU panel published its position on the one-stop-shop last month. Its members work in line with their country’s privacy laws, based on EU legislation.
If the proposed new rules are adopted by governments and EU lawmakers, they would apply across all the countries and differences in approach would no longer be possible.
Members of the European Parliament already signed off on the draft law before this month’s elections. Governments must now agree on their negotiating stance, before entering final talks with lawmakers aimed at clinching a final deal. –(Bloomberg)