Luca De Matteis, justice counselor, permanent representative of Italy to the EU, stopped by the IAPP’s Data Protection Congress to set the record straight: While the Council of the EU has been accused of taking its time or even purposefully dragging its feet to create its draft of the data protection regulation and move the process toward the trilogue, that isn’t true.
In fact, “That’s very far from the truth,” he said.
What is true, however, is that developing an international system of complex legislation in the smoothest way possible is a very difficult task, bound to take significant time to curate.
“We’re all committed to a new framework, but at the same time, we want this to happen correctly, in a way that’s workable" and builds on the consensus of all the actors involved, he said, despite the fact that those actors come from completely opposite sides of the spectrum.
“One thing we can boast of about this presidency is that we have tried to work in an inclusive way,” De Matteis said of the Italians’ six months of leadership thus far. “We would like to leave this legacy of the Italian presidency.”
De Matteis gave the room a series of updates on where things stand with current negotiations on the forthcoming data protection regulation, a piece of legislation he calls highly horizontal in nature, cutting across a number of sectors and nationalities.
De Matteis anticipates a successful one-stop-shop mechanism, but he said it must be tempered to safeguard data subjects' rights. As such, while there should be a consistency among data protection authorities (DPAs) in enforcement and consistent implementation of the regulation, with one DPA overseeing the companies based in a local jurisdiction, the regulation should also provide remedies for data subjects seeking remedies against alleged violations at a DPA locally, rather than requiring Europeans travel across the EU to the location of the DPA presiding over the company in question to make a complaint.
In addition, the playing field must be leveled: The same rules should apply to both the private and public sector, he said.
Despite the negotiations being a “daunting exercise,” De Matteis said he does believe the council has done it.
“I think we may have found a solution,” he said. “We may have found the right combination of ingredients to make sure we maintain a strong regulation that will apply no matter the nature of the problem.”
While the regulation must require that national rules respect its key principles, the principles shouldn’t prevent the free flow of data.
The council draft to be presented next month will represent a much less prescriptive regulation that protects the EU's longstanding promise to its citizens that privacy is a fundamental right while employing a risk-based approach.
Meanwhile, also at the IAPP Europe Data Protection Congress this morning, Giovanni Buttarelli found himself in a bit of a precarious situation: The vote that was expected to take place just before he was to take the stage ostensibly confirming his appointment to the post of European Data Protection Supervisor (EDPS) was delayed until December 1.
Speaking then as the Assistant EDPS still, if only in title, Buttarelli discussed the future of the office he hopes to run soon. First, he aims to increase the effectiveness and the visibility of the office’s data protection approach by being a strong leader. That’s in the tradition of his predecessor, Peter Hustinx, who used his 10-year tenure to transform the office from obscurity to the lead authority for data protection and privacy in the EU and under whom Buttarelli served for years. Perhaps it’s Hustinx’s legacy that has Buttarelli making promises early, but he’s eager for the privacy community to know that he understands the expectations.
“I foresee from everybody a strong demand to do better, to do more,” Buttarelli said, adding that while the EDPS has earned a reputation as an excellent institution, “Because of this historical era of data protection, more should be done.”
Buttarelli anticipates that the data protection reform, whatever it looks like in its final version, will have a significant but positive impact on his office in terms of the global scope of activities that will fall on the shoulders of the regulator, though it may increase the workload some. But Buttarelli said his office will have to be selective in the causes it takes up while at the same time becoming more influential.
“We must do more, rather than less, to better protect EU institutions in such a changing environment that requires new approaches,” he said, adding those new approaches will include being more concise and practical as well as more conversant with technologies.
If you want to comment on this post, you need to login.