Several proposals have been softened, no agreement is in sight,
and governments are openly sparring over how far to go in protecting
More than a year ago, the European Union's top justice official
proposed a tough set of measures for protecting the privacy of
personal data online.
But because of intense lobbying by Silicon Valley companies and
other powerful groups in Brussels, several proposals have been
softened, no agreement is in sight and governments are openly
sparring with one another over how far to go in protecting privacy.
On Thursday, justice ministers from the European Union's 27
member states agreed to a business-friendly proposal that what
companies do with personal data would be scrutinized by regulators
only if there were "risks" to individuals, including identity theft
The ministers debated a proposal that would no longer require
companies to obtain "explicit" consent from users whose personal
data they collect and process, instead of "unambiguous" consent,
which is considered to be a lower legal threshold. And they
discussed a proposal on balancing an individual's right to data
protection with other rights, including the freedom to do business.
The ministers deferred discussion of the other most fractious
provision, the so-called right to be forgotten. But in recent weeks,
public comments by lawmakers and draft language suggested a
softening of approach.
"The right to be forgotten has been softened, made more
palatable," said Viktor Mayer-Schonberger, professor of Internet
governance at the University of Oxford. "But it is by no means
Although a final version of the legislation is not expected to be
completed for many months, and maybe not until next year, the
developments on Thursday are an early signal that the technology
industry's lobbying efforts are gaining some traction.
The lobbying has been "exceptional" and legislators in Europe
need "to guard against undue pressure from industry and third
countries to lower the level of data protection that currently
exists," said Peter Hustinx, the European data protection
supervisor, referring to countries outside of the European Union.
"The benefits for industry should not and do not need to be at
the expense of our fundamental rights to privacy and data
protection," Mr. Hustinx warned in e-mailed comments.
In the past year, American technology companies have dispatched
representatives to Brussels and issued white papers through industry
associations arguing that stringent privacy regulations would
hamstring businesses, already suffering from the recession in
U.S. government officials have also made trips across the
Atlantic to press policy makers like Viviane Reding, the union's
justice commissioner, who drafted the original, strict measures, for
a less restrictive approach to data privacy.
The industry's arguments have found a ready audience among some
European governments. They include Ireland and Britain, where there
are acute worries that the European Union is failing to take
advantage of growth opportunities from Internet businesses that
might help revive the economy. Apple, Facebook and Google all have
European headquarters in Dublin.
"Europe is not sleepwalking into unworkable regulations," said
Richard Allan, Facebook's director of policy for Europe, echoing a
cautious optimism among industry officials about the data privacy