The European Union is backtracking from plans to allow U.S. Internet giants to be regulated by a single data-privacy watchdog in the EU, threatening the so-called one-stop-shop backed byGoogle Inc. (GOOG) to Facebook Inc. (FB)
Amid a turf war over who gets to regulate some of the world’s biggest companies, justice ministers have dropped proposals to give sole power to regulators where companies have their EU headquarters. As they met in Brussels today, splits emerged over an alternative plan that would see powers spread out, giving other nations the right to veto decisions taken by the lead authority.
The compromise proposal “effectively allows each authority to exercise a veto over the decision of the lead authority,” said Wes Himes, a director at the European Digital Media Association, whose members include Google, Facebook and Microsoft Corp. “All we want is one decision, one outcome.”
With U.S. companies such as Facebook, Apple Inc. (AAPL), and LinkedIn Corp. (LNKD) having Ireland as their main European base for data-protection purposes, policing privacy violations already resembles a battle between David and Goliath for thinly staffed agencies in some of the EU’s smallest nations.
Countries including France opposed earlier plans for the one-stop-shop, calling for more power on how such companies are regulated.
‘Complex and Burdensome’
While German Interior Minister Thomas de Maiziere said the revised plan to involve all authorities in a decision was “sensible,” countries such as Ireland, Poland and the U.K. strongly opposed the changes.
The re-written proposal will create a “complex and burdensome system which is unlikely to achieve the key objectives of legal certainty and proximity,” Dara Murphy, Ireland’s data protection minister, said at the meeting.
The definition in the draft of who would be the “concerned” regulators that could oppose a lead authority’s decision “is very wide” and “it will only take the disagreement on the part of a single” authority to trigger the referral of a case to a board that will be charged with settling disputes, he said.
This in turn will cause delays that “are not conducive to business efficiency or legal certainty,” said Murphy.
U.K. Justice Minister Chris Grayling said the compromise solution would create “disagreements and legal challenges, protracted delay, huge expense and a large volume of cases building up” in the EU’s top court. Ministers have “a real desire to grasp a solution if they can find it,” he said.
Cross-Border Cases
The latest proposals on how to revamp the EU’s 19-year-old data privacy law would make changes putting all watchdogs “concerned” in charge of deciding on cases affecting more than one country. The new mechanism would apply in “important cross-border cases” and oblige the lead data agency to come to a decision jointly with other EU regulators.
“If after a few weeks or a month, let’s say, there are no major objections” to “a decision from the lead authority, it will be assumed adopted by all of the regulators,” said Edouard Geffray, secretary general of France’s data regulator, CNIL. “This refutes any criticism that the proposed system would lead to long delays. It would lead to a rather efficient system.”
Facebook and Microsoft declined to comment, while Google representatives didn’t immediately respond to requests for comment.
Ex-Commissioner
The EU’s former justice chief Viviane Reding heralded the one-stop-shop as a way to simplify procedures for companies and citizens alike when she proposed the revamping of the bloc’s privacy law in January 2012.
“We believe in a lead data protection authority and a pure one-stop-shop system,” said Himes. The alternative is a “convoluted process of multi-consultation, multi-decision making.”
Having to seek feedback and get the green light of all regulators concerned would lead to a “paralysis,” said Gerard Lommel, head of the Luxembourg privacy authority until last month.