A deal to force Internet companies such as Google and Facebook to abide
by EU rules is a first step in a wider reform package to tighten privacy laws
Companies based outside the European Union
must meet Europe’s data protection rules, ministers agreed on Friday, although
governments remain divided over how to enforce them on companies.
The agreement to force
Internet companies such as Google
and Facebook
to abide by EU rules is a first step in a wider reform package to tighten
privacy laws - an issue that gained prominence following revelations of US
spying in Europe.
Vodafone’s disclosure on
Friday of the extent of telephone call surveillance in European countries
showed the practice was not limited to the United States. The world’s
second-largest mobile phone company, Vodafone
is headquartered in the United Kingdom.
“All companies operating on European soil have to apply the rules,” EU
Justice Commissioner Viviane Reding
told reporters at a meeting in Luxembourg where ministers agreed on a position
that has also been backed by the Court of Justice of the European Union (ECJ).
Germany and the European
Commission, the EU executive, have been highly critical of the way
the United States accesses data since former US National
Security Agency contractor Edward Snowden
last year revealed US surveillance programmes.
Disclosures that the United
States carried out large-scale electronic espionage in Germany, including
bugging chancellor Angela Merkel’s mobile phone, provoked indignation in
Europe.
“Now is the day for European
ministers to give a positive answer to Edward Snowden’s wake-up call,” Ms
Reding said.
Commenting on Vodafone’s
disclosure, she said: “All these kind of things show how important it is to
have data protection clearly established.”
The reform package, which was
approved by the European
Parliament in March, has divided EU governments and still needs work
to become law despite Friday’s progress.
While ministers also agreed on
provisions allowing companies to transfer data to countries outside the
European Union, there was no decision on how to help companies avoid having to
deal separately with the EU’s 28 different data protection authorities.
That issue was thrown into
stark relief by a ruling from Europe’s top court requiring Google to remove
links to a 16-year-old newspaper article about a Spanish man’s bankruptcy.
The search engine has since
received tens of thousands of requests across Europe, and under current rules
has to deal with each national authority.
A ‘one-stop-shop’ arrangement
would allow companies to deal exclusively with the data protection authority in
the country where it has its main establishment. But governments are concerned
about a foreign data protection authority making binding decisions that they
would then have to enforce.
For example, if a complaint
originated in Denmark against a company based in Ireland, the Danish
authorities would have to implement a decision by the Irish data protection
body, something that is both legally and politically difficult
No comments:
Post a Comment