New EU privacy rules to allow challenges to Irish regulator

Reuters News
Posted: Feb 25, 2015 10:30 AM

By Julia Fioretti

BRUSSELS (Reuters) - Ireland will not retain sole control over privacy disputes involving companies such as Facebook and Apple under new rules agreed on Wednesday allowing any of its European peers to challenge Irish rulings.

Under a "one-stop-shop" mechanism initially proposed in reforms of EU data protection laws, businesses operating across the 28-nation bloc would only have had to deal with the data protection authority in the country where they are headquartered or have their main European base - even if the alleged mishandling of data affects citizens in another country.

But opposition from some member states that do not want their national regulators to lose policing powers over multinationals such as Google, with an Irish base, led to the proposal being altered so that any "concerned" authority could object to a decision.

That would trigger the intervention of the European Data Protection Board, a still to be created assembly of all 28 EU regulators.

On Wednesday, a majority of member states agreed to scrap an option requiring at least a third of concerned authorities to object, diplomats said, potentially giving a single "concerned" authority the right to complain.

"A majority is going towards a non-quantitative threshold," one diplomat said.

Latvia, which holds the rotating European presidency, had suggested rules to ensure a minimum number of regulators object to a decision before it is referred to the European Data Protection Board with the power to overturn the original decision.

Ministers will have to sign off on Wednesday's agreement when they meet in two weeks.

Stop This Idiocy And Confirm Him
Kurt Schlichter

Diplomats said work on the proposal would continue to make sure that only "relevant and reasoned" objections would trigger the intervention of the board.

However one EU diplomat said a quantitative threshold was still possible, highlighting divisions among member states.

Currently EU data protection authorities only meet as an advisory group called the Article 29 Working Party.

In the past Ireland has been accused of going soft on multinationals when it comes to privacy laws to remain an attractive business location.

But the new head of Ireland's data protection watchdog rejected those claims last week.

(Reporting by Julia Fioretti; editing by Philip Blenkinsop/Ruth Pitchford)