As discussions continue to take place on the future Data Protection Regulation, EU justice commissioner Viviane Reding said creating a single authority overseeing data protection issues would have numerous benefits for firms of all sizes.
“It is a key building block of the EU data protection reform and a prime example of the added value of the Regulation. It ensures legal certainty for businesses operating throughout the EU and it brings benefits for businesses, individuals and data protection authorities,” she said.
“Businesses will profit from faster decisions, from one single interlocutor (eliminating multiple contact points), and from less red tape. They will benefit from consistency of decisions where the same processing activity takes place in several member states.”
She said that any authority charged with handling data protection must be given strong powers to ensure it is feared by firms.
“The authority of the main establishment must retain meaningful powers. If its powers are excessively limited, for instance if it is not responsible for imposing fines, then the benefits of the one-stop shop are lost,” she said.
“The last thing we want is to create problems of coherence and effectiveness, and have new kinds of fragmentation.”
She said this would also have benefits for citizens as it would mean complaints could be lodged in any nation against any firm, irrespective of the company's location.
“The aim is to mend the current system in which individuals living in one member state have to travel to another member state to lodge a complaint with a data protection authority,” she said.
“That is why the Austrian student, Max Schrems, had to travel to Dublin to complain about Facebook. We need to fix this.”
To date debates around data protection laws have stumbled due to concerns raised by several governments, including the UK, which said it could prove too stringent and damage the UK economy by hampering the ability for firms to use data effectively.
Eduardo Ustaran, partner at European law firm Field Fisher Waterhouse, told V3 that the latest round of debate on how best to make a ‘one-stop shop’ work would likely be welcomed by businesses operating across Europe.
“This concept was warmly welcomed by global organisations operating on a pan-European basis, because it will mean that they are only accountable to one regulator for all of their EU data activities,” he said.
“In my view Reding's approach is spot on: one competent regulator seeking to co-operate with the others, and with the opportunity to escalate truly pan-EU matters to the European Data Protection Board (the new name for the Article 29 Working Party).”