Ripples of excitement have been spreading in the wake of an article in the Financial Times on 6th March that the Data Protection Regulation proposals will be “softened”. It quoted a memo by the Irish presidency noting the dissenting voices that have been raised and claimed a majority of countries were now opposed to the original draft.
The timing of the news item was significant - on Friday, 8th March the European Commission’s Justice Council is meeting with the DPR at the top of its agenda. Headed by Viviane Reding, the architect of the proposals, it is a key moment in the considerations by the Commission on how to respond to the pressure coming from all sides for changes.
While the FT report reflected a very US-oriented view from business about the challenges which the new law might create, it did not take into account both the internal politics of the Commission and the European Parliament, nor the long road ahead for these proposals. With three parliamentary councils still to provide their commentary and the Council of Ministers behind on its own deliberations, Reding made it clear in comments on 7th March, ahead of the meeting, how little she expects the proposals to change.
Here are three reasons why it is too soon to claim the DPR will be softened up:
1) The European Union can not take political directions from the United States
Objections have already been raised about MEPs allegedly cutting and pasting amendments to the DPR supplied to them by US businesses. With major American brands - Apple, Facebook, Google and Microsoft among them - seeing the problems which the regulations could cause their businesses, a lot of the push for changes has come from outside the EU.
Reding is having none of this: “If companies outside Europe want to take advantage of the European market with its potential 500 million customers, then they have to play by the European rules.” That is a clear enough indication that getting the DPR passed is about more than just data protection - it is central to the way the EU operates in the global market.
2) Data protection is now a fundamental right
The whole European Union project is based around giving individuals in Member States a common set of rights which are considered to be fundamental to life in modern society. Data protection has become one of those, since every interaction with government or business involves an information exchange.
That is why the DPR is heavily weighted in favour of the protection of the individual, regardless of how difficult those rights might be for business to provide. Accepting deep changes to the regulation would be tantamount to giving away a fundamental right, something no Commissioner is ever likely to do.
3)This is about the Community, not the social network
While privately describing the DPR as “the Facebook law”, the proposals are intended to set the scene for the next 20 years. When the existing legilsation was created in 1995, Apple and Microsoft had very little to do with personal information and neither Google or Facebook existed. So the Commission may be looking ahead and seeing a continuation of the European Community, without assuming the continued existence of any of those businesses. In which case, why architect a law to take their concerns into consideration?
None of these reasons mean that the DPR will not get amended. (There is even an outside risk of it not being passed at all, should a specific set of circumstances arise.) Compromise is the way Europe works, otherwise no laws would ever get passed. Continued contact with and lobbying of MEPs is essential.
But make no mistake - the real power play is that taking place within Brussels and the lead players in this context have much to lose by giving way. Don’t expect that to happen anytime soon.