Vicepresident Reding maakt zich hard voor databescherming tijdens bijeenkomst Raad (en)

Met dank overgenomen van Europese Commissie (EC) i, gepubliceerd op dinsdag 8 oktober 2013.

European Commission

Viviane Reding

Vice-President of the European Commission, EU Commissioner for Justice

Vice-President Reding's intervention at the Justice Council on the data protection reform and the one-stop shop principle

Justice Council/Luxembourg

8 October 2013

President Barroso stated in this year's State of the Union Address that it is of utmost importance to advance swiftly on the data protection reform package. It is vital for both businesses and citizens. Our discussion today and the vote in the LIBE Committee of the European Parliament on 21 October are important steps towards finalisation of this reform under this legislature.

Let's keep in mind the economic importance of this proposal. The estimated value of EU citizens' data was €315 billion in 2011. It has the potential to grow to nearly €1 trillion annually in 2020. If we want to harness this potential, we need to open Europe's personal data market. Making progress on this file meets the expectations of citizens and businesses.

Extensive discussions have taken place on the details at technical level. In Vilnius, in July, political commitments were made to advance rapidly on this file. We now have an opportunity to translate those political commitments into real progress.

Confirming political support for the one stop shop

I particularly welcome the discussion today on the one-stop-shop. It is a key building block of the EU data protection reform and a prime example of the added value of the Regulation. It ensures legal certainty for businesses operating throughout the EU and it brings benefits for businesses, individuals and data protection authorities.

Businesses will profit from faster decisions, from one single interlocutor (eliminating multiple contact points), and from less red tape. They will benefit from consistency of decisions where the same processing activity takes place in several Member States.

At the same time, individuals will see their protection enhanced via their local supervisory authorities, because individuals will always be able to go to their local data protection authority and because decisions will be consistent. The aim is to mend the current system in which individuals living in one Member State have to travel to another Member States to lodge a complaint with a data protection authority. At the moment, when a business is established in one Member State, only the Data Protection Authority of that Member State is competent, even if the business is processing data across Europe. That is why the Austrian student, Max Schrems, had to travel to Dublin to complain about Facebook. We need to fix this. That is the purpose of the Commission's proposal.

Data protection authorities will be reinforced. At the moment, some data protection authorities don't have the power to impose a fine. We will give them that power. The authorities will also act as a team when dealing with cross-border businesses. This will avoid duplication, save resources and ensure quicker investigations and decisions. 28 voices are louder than one. It will bring benefits for citizens and for business.

Today we should give a unanimous signal that the one-stop shop is the only way forward for a “Win-Win-Win Situation” where,

  • businesses have one interlocutor,
  • individuals always have the protection of their local data protection authority including in transnational cases, and
  • data protection authorities are strengthened by working together to deliver better and more consistent protection throughout the Union.

Presidency Questions on how to improve the functioning of the one-stop shop

In order to find a solution on the one-stop shop, we need to be sure that the right balance is struck between the role of the authority of main establishment, and the powers of the authority which receives a complaint. If we confer powers that are too important on the lead authority, proximity to citizens will suffer. If we limit to the extreme the lead authority powers we lose consistency.

All the elements that we need to strike this balance are in the Presidency's paper. It is a question of linking them in the correct way.

First, the authority of the main establishment must retain meaningful powers. If its powers are excessively limited, for instance if it is not responsible for imposing fines, then the benefits of the one-stop-shop are lost. The last thing we want is to create problems of coherence and effectiveness and have new kinds of fragmentation.

Second, in order to guarantee the proximity of decision-making to citizens, we need to grant data protection authorities which receive complaints an increased role.

  • First, we can take inspiration from the French proposal: by ensuring that the data protection authority of the main establishment cannot take a decision without having done its utmost to reach an agreement with other authorities whose citizens are affected by the processing;
  • Second, we can draw on the Italian proposal: the data protection authorities which receives a complaint should be able to submit a draft decision to the authority of main establishment;
  • Third, as the German delegation has reminded us, we can secure the participation of all data protection authorities by reinforcing the role of the European Data Protection Board.

I agree that experts should explore how the European Data Protection Board can be reinforced. It would be premature to assume that the only way to strengthen the Board is to give it legal personality. Reinforcing the Board is an opportunity to increase consistency in how the law is applied while ensuring that the system remains fast, workable and effective and provides added-value.

In conclusion, I propose that we agree:

  • To the principle of a one-stop-shop,
  • with strong co-operation between authorities, in particular of the authorities which receive complaints, and
  • with a possibility to escalate a discussion to the European Data Protection Board.
  • Under these guidelines we should instruct our experts to enable us to take a final decision in December.

I look forward to hearing your views.