E.U. Keeps Wrangling over Data Privacy Rules ; Draft Bill Is Diluted as Lobbyists Seek to Relax Strictures on Companies

Article excerpt

Several proposals have been softened, no agreement is in sight, and governments are openly sparring over how far to go in protecting privacy.

More than a year ago, the European Union's top justice official proposed a tough set of measures for protecting the privacy of personal data online.

But because of intense lobbying by Silicon Valley companies and other powerful groups in Brussels, several proposals have been softened, no agreement is in sight and governments are openly sparring with one another over how far to go in protecting privacy.

On Thursday, justice ministers from the European Union's 27 member states agreed to a business-friendly proposal that what companies do with personal data would be scrutinized by regulators only if there were "risks" to individuals, including identity theft or discrimination.

The ministers debated a proposal that would no longer require companies to obtain "explicit" consent from users whose personal data they collect and process, instead of "unambiguous" consent, which is considered to be a lower legal threshold. And they discussed a proposal on balancing an individual's right to data protection with other rights, including the freedom to do business.

The ministers deferred discussion of the other most fractious provision, the so-called right to be forgotten. But in recent weeks, public comments by lawmakers and draft language suggested a softening of approach.

"The right to be forgotten has been softened, made more palatable," said Viktor Mayer-Schonberger, professor of Internet governance at the University of Oxford. "But it is by no means dead."

Although a final version of the legislation is not expected to be completed for many months, and maybe not until next year, the developments on Thursday are an early signal that the technology industry's lobbying efforts are gaining some traction.

The lobbying has been "exceptional" and legislators in Europe need "to guard against undue pressure from industry and third countries to lower the level of data protection that currently exists," said Peter Hustinx, the European data protection supervisor, referring to countries outside of the European Union.

"The benefits for industry should not and do not need to be at the expense of our fundamental rights to privacy and data protection," Mr. Hustinx warned in e-mailed comments.

In the past year, American technology companies have dispatched representatives to Brussels and issued white papers through industry associations arguing that stringent privacy regulations would hamstring businesses, already suffering from the recession in Europe.

U.S. government officials have also made trips across the Atlantic to press policy makers like Viviane Reding, the union's justice commissioner, who drafted the original, strict measures, for a less restrictive approach to data privacy.

The industry's arguments have found a ready audience among some European governments. They include Ireland and Britain, where there are acute worries that the European Union is failing to take advantage of growth opportunities from Internet businesses that might help revive the economy. Apple, Facebook and Google all have European headquarters in Dublin.

"Europe is not sleepwalking into unworkable regulations," said Richard Allan, Facebook's director of policy for Europe, echoing a cautious optimism among industry officials about the data privacy law. …