New EU data protection: who pays when the rules are broken?

Written by on June 15, 2015 in News with 0 Comments
REUTERS/Thomas Peter

REUTERS/Thomas Peter

BRUSSELS (Reuters) – New European Union data protection rules expected to be agreed on today will allow citizens to sue companies that own data as well as those that process it on their behalf, for example cloud computing providers.

The new system is opposed by companies such as Germany’s SAP SE, International Business Machines Corp, Cisco Systems Inc and Inc who say it will kill off Europe’s cloud computing industry, as well as introduce uncertainty in business to business relations.

EU officials say the issue has been the subject of fierce lobbying from companies, who warn it could hamper the creation of a unified market in digital services, a key plank of the European Commission’s agenda to boost economic growth in the 28-nation EU.

Under the current, 20-year-old system, cloud providers – companies offering remote storing and processing of data on servers – would classify as ‘processors’ since they do not collect the data themselves. That means they are not held liable for using the data illegally unless they breach the contract with the company for whom they are processing – the data “controller.”

EU ministers will seek to reach an agreement on the data protection reform at a meeting in Luxembourg on Monday, after which final negotiations with the European Parliament will start.

“One key issue is who pays if rules (are) broken,” said an EU diplomat.

Companies argue that the current system works well and makes it easier for consumers by giving them a single point of contact. For example, if a bank breaks data protection laws, it would make more sense for the person affected to sue the bank, rather than the companies to which it outsources its human resources functions.

“It is important that consumers and businesses understand who ultimately is responsible for processing their data,” said Liam Benham, Vice President of Government and Regulatory Affairs at IBM. “Now the EU’s draft Data Protection Regulation risks blurring these lines of responsibility, setting the stage for lengthy and costly legal disputes, which will be perplexing for consumers and businesses alike.”

Part of the reason for spreading responsibility across several players is that data is often collected by one company, stored by another and processed by a third.

Additionally, many cloud providers are large companies such as SAP, Cisco and Amazon. The Commission feared cloud companies would be able to impose unfair terms on small businesses that would then bear the brunt of the responsibility if something went wrong.

“If an SME finds it hard to find a processor that doesn’t want to comply with European contract terms, there is plenty of choice,” said Rene Summer, spokesman for the Coalition of European Organizations on Data Protection, which includes SAP, Nokia Oyj and Ericsson.

(Reporting by Julia Fioretti. Editing by Andre Grenon)

Tags: ,


About the Author

About the Author: Thomson Reuters is the world's largest international multimedia news agency, providing investing news, world news, business news, technology news, headline news, small business news, news alerts, personal finance, stock market, and mutual funds information available on, video, mobile, and interactive television platforms. .


If you enjoyed this article, subscribe now to receive more just like it.

Subscribe via RSS Feed

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: