The long awaited reform to European data protection laws may fall short of delivering the consistency and simplicity promised for the 28 country bloc, reports Julia Fioretti, Reuters.
The laws replace the 20 year old privacy laws introduced at a time when the internet was emerging. The laws were criticised for “lacking teeth” and leaving room for interpretation across the EU.
Last week the EU agreed an overhaul of the data protection rules resulting in the introduction of a single rule book, fines of up to 4% of a company’s global turnover and a simpler system of enforcement.
Already critics of the new laws have concerns about the regulators ability to manage the increased workload and question whether the overlap in regulations across the EU has been removed.
The new laws effective in 2017, reports Ms Fioretti “states that companies operating across the EU should only have to deal with the regulator where they have their European headquarters” Citizens can still complain to their national data protection office about a company located in another country. This means the local authority in question can object to the decision made where the company has its EU headquarters. The ability to complain to a local regulator, according to consumer groups, is an important aspect of protecting citizen’s privacy.
With many of the issues left to the discretion of the individual country, lawyers are concerned that the laws are open to different interpretations. In the event of a disagreement among regulators, the case will be referred to a newly created European Data Protection Board to make binding decisions.