Plans to beef-up the European Union’s data-protection rules face months of delays after some nations demanded more time to sign off on a law that would fine companies as much as 100 million euros ($136 million) for privacy violations, a senior EU official said.
The measures, which would also ensnare U.S.-based firms, are unlikely to win an accord before European Parliament elections in May, said the official who isn’t authorized to be cited by name because discussions are confidential. EU justice ministers will meet in Brussels on Friday to discuss the proposals.
This file is too complicated and sensitive for the 28-nation bloc to clinch a deal this week, the official told reporters in the Belgian capital today.
EU leaders at a meeting in October bowed to U.K. demands for a slowdown in the adoption of the data-protection law to consider the effect of the legislation on businesses, dropping a 2014 deadline in favor of a pledge to introduce the plans in “timely fashion.” The overhaul of the privacy law could also result in fines for U.S.-based technology companies that process EU users’ personal data companies, such as including Google Inc., Facebook Inc., and Apple Inc. for breaches.
While a deal is still possible, “if there’s not the necessary political will, the whole regulation is at risk,” Jan Philipp Albrecht, a German Green Party politician sponsoring the bill in the European Parliament, said in a phone interview today.
Friday’s meeting will be led by Lithuania, which holds the six-months rotating EU presidency until the end of this month. The EU official said it never was an ambition to reach an agreement at this stage on such a complex law.
“European heads of state and government committed to a ‘timely’ adoption of the new data protection legislation” and ministers “should now deliver on this commitment and adopt the EU’s data protection reform swiftly,” said Mina Andreeva, spokeswoman of EU Justice Commissioner Viviane Reding who first proposed the new law in January 2012.
The U.K. and Germany have been among the main holdouts against a fast adoption of the rules.
“I want to see us agreeing data protection legislation that works for the U.K.,” Chris Grayling, the U.K.’s justice secretary, said in an e-mailed statement today. “As the Prime Minister has made clear, it is better we take the time to get this right rather than rush into something that proves unworkable and costly.”
The draft text can’t become law until the Parliament and EU nations have agreed on it.
“There’s at this point still a lot of work needed to shape the regulation in such a way that it mirrors the high German data protection standards,” Philipp Spauschus, a spokesman for the country’s interior ministry, said in an e-mailed statement.