Tech companies like EMC, IBM, Cisco and Amazon fear that new EU data protection rules being agreed today could threaten Europe’s cloud computing industry.
They fear that the new rules will allow citizens to sue companies that own data as well as those that process it on their behalf.
For countries like Ireland, where many of these companies have substantial data centre and software development hubs, it is a concern worth noting.
The new one-stop-shop rules are the cornerstone of the European Commission’s ambitions to create a Single European Market for digital goods and services.
The rules will be backed up by heavy fines – as high as €100m – for non-compliance.
The new rules will make it easier for consumers to withhold their data and will codify the “right to be forgotten” principle enforced on Google last year by Spanish data regulators. The EU has told Google that it wants to expand the right to be forgotten rule to all websites with a .com suffix and last year the EU voted in favour of Google being split into two entities in Europe, with its search operation being removed from its commercial business over antitrust fears.
A right to data portability will make it easier for users to transfer personal data between service providers.
No more Safe Harbour?
The rules also seek to ensure that data submitted to internet companies – such as Facebook or Google – is not sold on or used for other purposes.
Effectively, companies based outside of Europe will have to apply the same rules when offering services in the EU.
EU Justice Commissioner Věra Jourová said the aim of the data protection reform will be to enable people to better control their personal data.
She said that at the same time modernised rules will allow businesses to make the most of the opportunities of the Digital Single Market by cutting red tape and benefiting from reinforced consumer trust.
She said that the single set of rules will save businesses around €2.3bn a year in administrative costs.
“Today we take a big step forward in making Europe fit for the digital age. Citizens and businesses deserve modern data protection rules that keep pace with the latest technological changes.
“High data protection standards will strengthen consumers’ trust in digital services, and businesses will benefit from a single set of rules across 28 countries. I am convinced that we can reach a final agreement with the European Parliament and the Council by the end of this year,” she said.
Blurred lines could lead to lengthy legal disputes
However, technology companies like IBM, SAP, Cisco and Amazon and organisations like the Coalition of European Organisations on Data Protection, which includes SAP, Nokia and Ericsson as members, fear lengthly legal battles could ensue.
According to Reuters, IBM’s vice president of government and regulatory affairs, Liam Benham, has pointed out that lines could be blurred in data protection disputes.
“It is important that consumers and businesses understand who ultimately is responsible for processing their data,” Benham said.
“Now the EU’s draft Data Protection Regulation risks blurring these lines of responsibility, setting the stage for lengthy and costly legal disputes, which will be perplexing for consumers and businesses alike.”
Clouds and lightning image via Shutterstock