It is caught between demands for tougher wording from civil liberty-minded MEPs such as Amelia Andersdotter (Greens), and demands for relaxation from industry-minded MEPs such as Giles Chichester (European Conservatives and Reformists Group) on behalf of lobbyists such as the American Chamber of Commerce – and member states such as the UK who would prefer it to be a Directive (which can be interpreted by individual nations) rather than a Regulation (which must be implemented as specified by Brussels).
The result, fears Jan Philip Albrecht (Greens), is that the Regulation could end up weaker than the existing 18-year old Directive. "We promised the people that we will help give a proper legislation that will better enforce their rights, better protect their interest,” he told EUobserver yesterday; “and in the end, the only thing that we are doing - and this is not excluded – is to water down existing law.”
AmberHawk, a UK information law training company, is quite explicit in its HawkTalk blog yesterday. “My own view: I still think the Regulation will not make it. Just look at the number of reservations from Member States. And there are another 40 Articles to go.” He was specifically commenting on a leaked document from the Working Party on data protection and exchange of information (DAPIX – a working party that oversees the exchange of information between law enforcement agencies). Although DAPIX has relevance to only some of the articles within the GDPR, “the direction of travel is clear,” says AmberHawk.
“That direction is; less prescription and more flexibility for Member States, all data subject rights to object (e.g. to forget, profiling) much reduced, the data protection officer role is not going to happen in the UK (I think), and data loss reporting becomes more sensible.”
It all makes the statement issued separately by the European Data Protection Supervisor Peter Hustinx (also yesterday) sound rather desperate. “The lobbying surrounding the current review of the EU data protection law by organisations both from Europe and elsewhere has been exceptional,” says his office; adding that the EDPS had “warned the EU legislator to guard against undue pressure from industry and third countries to lower the level of data protection that currently exists.”
“The benefits for industry should not - and do not need to - be at the expense of our fundamental rights to privacy and data protection,” claimed Hustinx. But Albrecht fears they will be. And if that happens, he also fears the public “will completely lose the trust in the European Parliament and in the European Union as a whole," he told EUobserver.