This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.nytimes.com/2014/05/27/technology/with-european-data-rules-come-a-need-for-a-cop.html

The article has changed 3 times. There is an RSS feed of changes available.

Version 0 Version 1
With European Data Rules Come a Need for a Cop E.U. Debates Which Nation Will Regulate Web Privacy
(about 7 hours later)
LONDON — The new European Parliament that was voted into office over the weekend, despite having a different political makeup, is widely expected to reach a final agreement later this year on stricter online privacy rules that have long been in the works. LONDON — The new European Parliament that was voted into office over the weekend, despite having a different political makeup, is widely expected to reach a final agreement this year on stricter online privacy rules that have long been in the works.
The rules, as shaped over the last three years, would be stricter than those in the United States. They would create one law across the Continent to protect several aspects of online privacy, which is enshrined as a fundamental right in Europe, including restrictions on what information can be shipped overseas. And they would slap multimillion-dollar fines on any company that misuses Europeans’ data. The rules, which have been discussed since 2012, would be stricter than those in the United States. They would create one law across the European Union to protect several aspects of online privacy, which is enshrined as a fundamental right in Europe, including restrictions on what information could be shipped overseas. And they would impose multimillion-dollar fines on any company that misuses Europeans’ data.
Still, a crucial question remains up for debate: Which European regulator will have the final say over enforcing the rules? Still, a crucial question remains: Which European regulator will have the final say in enforcing the rules?
Under the proposals, companies will be able to operate throughout the Continent if they fulfill the requirements — and interpretation — of European rules from only one country’s privacy authority. The companies currently must comply with the regulator in each of the 28 countries of the European Union in which they do business. Under the proposals, companies will be able to operate throughout the region if they fulfill the requirements — and the interpretation — of European rules from only one country’s privacy authority. Companies currently must comply with the regulator in each of the 28 countries in the union in which they operate.
Lawmakers in favor of the proposals say that leaving the oversight with one country’s office gives companies more clarity about the rules. But consumer groups in Europe have warned that if the current proposal stands, tech companies — including American giants like Microsoft, Amazon and Google — could set up shop in the European country with the most lenient data privacy interpretation. Lawmakers in favor of the proposals say that leaving the oversight with one country’s office gives companies more clarity about the rules. But consumer groups in Europe have warned that if the current proposal stands, technology companies — including American giants like Microsoft, Amazon and Google — could set up shop in the European country with the most lenient interpretation of data privacy.
“This issue has become more political than technical,” said Raegan MacDonald, European policy manager for the digital rights group Access in Brussels. She added, “Who gets to decide on these matters is very important.” “This issue has become more political than technical,” said Raegan MacDonald, European policy manager for the digital rights group Access in Brussels. “Who gets to decide on these matters is very important.”
The law is expected to be finished in the first half of 2015. It has gained momentum since the revelations from Edward J. Snowden, the former National Security Agency contractor, about the spying activities of American and British intelligence agencies. Before the rules go into effect, though, each of the European Union’s 28 countries still must reach a final agreement with the European Commission, the union’s executive arm, and the European Parliament. The legislation is expected to be completed in the first half of next year. It has gained momentum since the revelations from Edward J. Snowden, the former National Security Agency contractor, about the spying activities of American and British intelligence agencies. Before the rules go into effect, though, each country in the union must reach a final agreement with the European Commission, the union’s executive arm, and the European Parliament.
The proposals build on existing rules from the 1990s, providing citizens with greater control over what data is collected, where it is kept, and which companies and governments have access to it. The rules also restrict what information can be sent to countries that do not replicate Europe’s data protection laws.The proposals build on existing rules from the 1990s, providing citizens with greater control over what data is collected, where it is kept, and which companies and governments have access to it. The rules also restrict what information can be sent to countries that do not replicate Europe’s data protection laws.
To police the new rules, international companies with European customers, even if they do not have offices on the Continent, would have to comply with the strengthened controls or face fines totaling 2 percent to 5 percent of global revenues, or $137 million, whichever is greater. To police the new rules, international companies with European customers even if they do not have offices in the region would have to comply with the controls or face fines totaling 2 to 5 percent of their global revenue, or $137 million, whichever is greater.
“The reforms in Europe will affect companies’ global operations,” said Wim Nauwelaerts, a data protection partner at the law firm Hunton & Williams in Brussels. “The fines are Europe’s big stick to ensure people take this seriously.”“The reforms in Europe will affect companies’ global operations,” said Wim Nauwelaerts, a data protection partner at the law firm Hunton & Williams in Brussels. “The fines are Europe’s big stick to ensure people take this seriously.”
Faced with the prospect of tougher privacy rules, companies like Facebook and eBay have lobbied hard since the proposals were first outlined in 2012 to limit the legislation’s impact, saying Europe is creating strict laws that make it difficult for companies to invest in the Continent’s lackluster economy. Faced with the prospect of tougher privacy rules, companies like Facebook and eBay have lobbied hard since the proposals were first outlined to limit the legislation’s impact, saying that Europe was creating strict laws that make it difficult for companies to invest in the region’s lackluster economy.
Industry groups have raised fears that the new laws would add costs, as companies must explicitly ask users on a regular basis how their data is used, and limit what information is sent to countries that do not comply with Europe’s privacy rules. Yet companies have supported the changes that give one regulator sole control over interpreting European rules. That, they say, adds regulatory certainty because companies will be responsible to just one authority across the Continent. Industry groups have raised fears that the new laws would add extra costs, because companies must explicitly tell consumers on a regular basis how their data is used, and limit what information is sent to countries that do not comply with Europe’s privacy rules. Yet companies have supported giving one regulator sole control over interpreting European rules. That, they say, adds regulatory certainty because companies will be responsible to just one authority across the region.
“We’re concerned that the new rules will remain as fragmented as they are today, but it will cost more to comply,” said John Higgins, director general of Digital Europe, a trade body in Brussels whose members include Microsoft and Apple.“We’re concerned that the new rules will remain as fragmented as they are today, but it will cost more to comply,” said John Higgins, director general of Digital Europe, a trade body in Brussels whose members include Microsoft and Apple.
Some national governments, however, have balked at these changes. Countries like Germany believe their domestic privacy rules, which are some of the most stringent in the world, may be watered down if other regulators gain greater control.Some national governments, however, have balked at these changes. Countries like Germany believe their domestic privacy rules, which are some of the most stringent in the world, may be watered down if other regulators gain greater control.
European lawmakers also have criticized the rules because citizens may not have the money, or even the language skills, to bring complaints against companies in other European countries.European lawmakers also have criticized the rules because citizens may not have the money, or even the language skills, to bring complaints against companies in other European countries.
Already, questions about who monitors and regulates online privacy are bubbling to the surface. Two weeks ago, the Continent’s highest court ruled that people could demand that Google take down links to information about them on the Internet. Already, questions about who monitors and regulates online privacy are bubbling to the surface. Two weeks ago, the union’s highest court ruled that people could demand that Google take down links to information about them on the Internet.
This so-called right to be forgotten, which is an important part of Europe’s new data protection legislation, allows individuals — both citizens of European Union nations and potentially others as well — to force global tech companies to remove links to their past activities, as long as people are not deemed to be public figures like celebrities or politicians. This so-called right to be forgotten, which is an important part of Europe’s new data protection legislation, allows individuals — European Union citizens and others — to force global tech companies to remove links to their past activities, as long as people are not deemed to be public figures like celebrities or politicians.
Analysts say the legal decision will force Google and other search companies to field a wave of new complaints, as people request that online links be taken down. But the ruling must be carried out by data privacy regulators at 28 different agencies across the European Union, which could lead to jurisdiction-shopping. Analysts say the legal decision will force Google and other search companies to field a wave of requests that online links be taken down. But the ruling must be carried out by data privacy regulators at 28 different agencies across the union, which could lead to jurisdiction-shopping.
“Data protection can’t survive on a national level,” said Peter Schaar, a former federal data protection commissioner in Germany. “We need to have an international approach.”“Data protection can’t survive on a national level,” said Peter Schaar, a former federal data protection commissioner in Germany. “We need to have an international approach.”
If the final privacy decisions will eventually rest with an individual regulator, many consumer groups expect Ireland to become the de facto arbiter on privacy matters for the Continent. Many American tech companies are based there because of the country’s low tax rates, and digital rights advocates say that Ireland is already known for taking a more moderate view on online privacy issues than regulators in countries like Germany and France. If the final privacy decisions will eventually rest with an individual regulator, many consumer groups expect Ireland to become the de facto arbiter on privacy matters for the union. Many American technology companies are based in Ireland because of low tax rates, and digital rights advocates say that Ireland is already known for taking a more moderate view on online privacy issues than are regulators in places like Germany and France.
Others have called on individual countries’ regulators to continue to play a role by acting as intermediaries between individuals and the privacy authority that holds the main responsibility for policing each company. That, industry lobbyists say, may lead to national regulators’ continuing to vie for control over privacy matters, despite regulatory efforts to make it easier to deal with individual complaints.Others have called on individual countries’ regulators to continue to play a role by acting as intermediaries between individuals and the privacy authority that holds the main responsibility for policing each company. That, industry lobbyists say, may lead to national regulators’ continuing to vie for control over privacy matters, despite regulatory efforts to make it easier to deal with individual complaints.
Whatever the outcome over who makes the final rules, European politicians are sure that their policies will still have more bite than the existing rules — and those currently on the books in the United States. Whatever the outcome, European politicians say their policies will have more bite than the current rules — as well as those on the books in the United States.
“Lobbyists need to understand that we’re creating a global digital standard,” said Jan Philipp Albrecht, a German politician who is a leading supporter of the new privacy rules. “This is important for all of our citizens.” “Lobbyists need to understand that we’re creating a global digital standard,” said Jan Philipp Albrecht, a German politician and a leading supporter of the new privacy rules. “This is important for all of our citizens.”