* Stricter rules for unsecured data - justice ministers
* British and Dutch concerned by costs
* Less than one year to finalise complex reform
By Claire Davenport
BRUSSELS, June 6 - EU justice ministers meeting in
Luxembourg on Thursday agreed to dilute proposed rules that
would require all data privacy breaches to be reported to
national watchdogs.
The new rules announced in January 2012 would overhaul
privacy laws that were written almost 20 years ago without the
Internet in mind and businesses - in particular web firms - and
regulators would face a swathe of new obligations.
Ministers want to avoid burdening businesses excessively and
so plan to introduce tougher rules for companies handling
sensitive and unsecured data than for firms which take the
trouble to encrypt data, they said at the meeting.
"It was agreed that the risk-based approach be introduced,"
Alan Shatter, the Irish justice minister, said. Ireland occupies
the EU's six-month presidency.
"This ensures that companies will not be saddled with
excessive administrative burdens," a revised draft of the rules
by the Irish presidency said.
Giving an example, an EU source said that if a laptop with
sensitive and unsecured data is lost, the company will face
tougher consequences than it would have if that data had been
secure.
"If that data is encrypted ... then clearly the risk is not
that great," an EU source said.
It is not yet clear what kind of consequences companies will
face because ministers' discussions have not yet got this far.
Unsecured data losses may face heftier fines but this is still
open to debate.
Ministers said a more nuanced data law was needed to lighten
companies' and regulators' costs at a time when budgets were
being tightened.
In a letter to the Commission on Tuesday, British Justice
Secretary Chris Grayling said the draft in its previous form
would damage economic growth and job prospects.
The Dutch Minister for Security and Justice Ivo Opstelten
said on Thursday that the rules would have cost the Dutch
economy between 72 million euros ($95.00 million) and 1.1 billion
euros ($1.45 billion) per year.
The EU is attempting to regulate an explosion of online
media that continually throw up new privacy dilemmas. EU
officials are rushing to finalise the rules before the mandates
of the European Commission and Parliament run out next year.
Lawmakers in the European Parliament who have equal say on
the new regime have offered up to 4,000 amendments. The leading
parliamentary committee is expected to vote on the reform in
July.
If the rules are adopted it would be the first time that all
web and mobile companies would be captured by EU privacy rules
even if the data is handled outside the EU or if, like many
mobile and web applications, their services are free.
Obligations would include having to seek customers'
permission to use or sell on their data and firms would also
face heavy fines for a range of misdemeanours such as failing to
erase a person's data.