Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

EU's Data Protection One-Stop-Shop Inches Forward

EU's Data Protection One-Stop-Shop Inches Forward
EU's Data Protection One-Stop-Shop Inches Forward

Viviane Reding, vice-president of the European Commission and EU justice commissioner has explained the concept: "To further simplify things and reduce the danger of duplicating work, the Commission has also proposed to set up a one-stop-shop for data protection for businesses in Europe: the national data protection authority where the business has its main establishment will act as the single contact point."

In short, the data protection authority of the country in which a business has its primary European operation will provide decisions that will be binding on all other data protection authorities through the European Union. It is a major component of the whole GDPR proposal.

The good news for Reding is that a meeting of Europe's justice ministers Monday agreed in principle that the one-stop-shop is a good idea. The bad news is that is just about all that was agreed. A statement issued after the meeting included the standard code for 'no agreement reached:' "The discussion focused on how to arrive at such a single decision. A majority of the member states indicated that further expert work should continue."

Typical of the concerns was that voiced by Stefan Verschuere, vice-president of the Belgian data protection authority: a one-stop-shop would force data subjects "to fly to Dublin to plead their case,” since many of the world's leading companies have their primary European presence in Ireland.

The French minister for justice, Christiane Taubira, suggested a co-decision process that would involve all of Europe's data protection authorities – but, notes Lionel de Souza, a senior associate in the Hogan Lovells law firm, Ireland in particular argued "that co-decision would 'increase complexity and paralyze the decision process.'”

Germany proposed an alternative: an overall data protection authority that, says de Souza, "would act independently and have a number of powers. However, this proposal has met the opposition of Ireland, the United Kingdom, Sweden, and Denmark."

Clearly this proposal needs much work before it is acceptable to the different nation states. Reding is hopeful that a compromise text due in December will be more acceptable – but the May 2014 European election cut-off date is beginning to look very close.

What’s Hot on Infosecurity Magazine?