New calls have been made this week for the creation of a European Union-wide data protection authority, that would supercede the Information Commissioner’s Office (ICO) and adjudicate on matters of data protection across the 27-member organisation.
The call has been made by the Belgian government’s Under-Secretary for Data Protection, Bart Tommelein, who plans to present the proposal to an informal meeting of Ministers of Justice in the Latvian capital Riga when they next meet.
The authority would be responsible for handling investigations against global companies, something national regulators would be ill-equipped to do, according to law journal, the National Law Review.
The proposal follows the decision by the European Union to tighten up data protection laws across the EU using the tool of direct “regulation”, rather than a directive. The regulation will be applied exactly as stated across the EU, compared to a directive, which gets translated into member states laws via acts of national parliaments. This can therefore lead to widely differing interpretations of the same directive in different countries.
In addition to the question mark over who handles alleged transgressions of data protection laws by multinational organisations, such as Sony, Google or Microsoft, different national data protection authorities can take very different attitudes over the same issues. This affects not only what is investigated, but the punishments they mete out.
“The current EU data protection regime only mandates the creation of independent ‘national’ data protection authorities (possibly with regional ones for federations such as Germany) and a European Supervisor for compliance within EU institutions,” according to the National Law Review.
The forthcoming Data Protection Regulation, which is likely to be implemented by the end of the year, mandates a European Data Protection Board, but without the power to levy fines – although the Regulation itself will allow national authorities to fine organisations up to €100m.
At the moment, too, member states are wary about the creation of a pan-European data protection authority and, according to the National Law Review, regardless of the Belgian government’s proposal, other states are currently attempting to cut down the powers of the proposed Board still further.