Other available languages: none
Vice-President of the Commission, European Justice Commissioner
Speech: Justice for Growth makes headway at today's Justice Council
Press Conference, Informal Justice Council /Dublin
18 January 2013
Today, we have had a very important discussion on how justice policies can help to reinforce stability, jobs and growth in Europe – the Justice for Growth agenda. I am very grateful to the Irish Presidency and to my colleague Alan Shatter, the Justice Minister, for hosting this meeting and putting these important issues high on the agenda.
Good progress has been made on our proposals to reform the EU’s data protection rules under the Cypriot Presidency and we now need to further intensify the pace of discussions. That is why I welcome the Irish Presidency’s very strong commitment to furthering the negotiations on this crucial reform.
The reform will not only serve to reinforce privacy for citizens, but it will also increase the trust and confidence of consumers in doing business online. And more people doing business online is good for growth.
A modern and uniform set of data protection rules is good for growth: companies which want to use Europe's goldmine, a single market of 500 million consumers will get a single law for every EU country which can save them costs of up to 2.3 billion EUR per year.
A modern set of common European data protection laws can also strongly stimulate the development of the digital economy across the EU's single market. Some estimates show that EU GDP could grow by 4% by 2020 if the EU takes the necessary steps to create a modern digital single market.
We need to move up a gear now to keep up with the pace being set by the European Parliament. The main rapporteurs in the European Parliament (MEPs Albrecht and Droutsas) have just issued their draft reports, which contain supportive and important ideas and have stimulated the debate on data protection.
Let me now turn to the three important issues that the Presidency put on the agenda of this Informal Council and that we debated today:
The 1995 Data Protection Directive does not cover individuals processing data as part of a purely personal activity. This is the so-called "household exemption".
This principle makes sense. And that's why we've kept it in the proposed Regulation. It means that private individuals whose processing is just a normal everyday activity do not have to constantly consider data protection law.
We now need to carry this established principle into the digital age. And we have to take into account the case law in this area. In drafting our proposals the Commission has been guided by examples from everyday life. Our aim is to make sure that the Regulation will only apply in appropriate instances – where personal data needs to be protected.
I have therefore proposed a differentiated approach rather than a blunt approach. 3 different situations are dealt with in 3 different ways: first, the Regulation does not apply if you are really acting in a private capacity; second, you are covered by the Regulation if you pursue a gainful interest BUT this does not mean the entire Regulation applies to you – a series of exceptions means that only a light regime would apply; and third: the whole set of data protection rules applies only to those people who process data for a professional or commercial activity – they cannot benefit from the household exemption.
Let's take an example: in principle an individual using a social networking site with a limited number of contacts should not be covered by the Regulation. That person should not worry about data protection law.
Where there is a gainful interest however, I believe the situation is different. Take the example of a party organised through Facebook and sponsored by a brewery or a soft drinks company. I think that this situation should be covered by the Regulation. This does not however mean that organising such a party would be prohibited! No, here the light regime which is foreseen in the Regulation comes in.
This means that unless you are pursuing a commercial activity (organising parties is your business) you will not have to put together extensive documentation (Article 28(4) of our Regulation) and you will not have to face tough sanctions for a first and unintentional infringement of the data protection Regulation (Article 79(3)). These provisions will only apply to professionals (that is if your business is to organise parties).
This flexible system addresses existing case law and at the same time will help us exempt those activities that clearly do not need to be regulated.
Right to be forgotten:
The second point we discussed was the right to be forgotten. This is an important way of making sure that individuals are in control of their data. A response to the technologies that provide unlimited possibilities for the storage, exchange and dissemination of information.
The principle is simple: if you have given your data to a company you should be able to get it back or delete it. Unless there are good reasons not to do so.
To make this work in reality we have to be ambitious and pragmatic at the same time.
Ambitious because we should impose a clear obligation on a controller to erase data and to stop further dissemination of personal data where keeping the data is no longer necessary.
Pragmatic because we do not want to impose any unreasonable obligations on businesses. That is why the right to be forgotten does not mean obliging companies to eradicate every digital trace that has spread on the web – we have simply suggested that a company informs third parties about a request for erasure.
Let me also just mention one thing, as I feel there has been some confusion on this aspect: the right to be forgotten cannot be absolute just as the right to privacy is not absolute. There are other fundamental rights with which the right to be forgotten needs to be balanced – such as freedom of expression and freedom of the press. We have taken account of these. In order to make this absolutely clear, we have specified that the Right to be Forgotten cannot lead to the deletion where individuals are exercising their right to freedom of expression or keeping data for historical purposes which would include newspaper archives (Article 17(3)(c)). We have also specified that freedom of expression includes processing for journalistic purposes (Art 80).
In a nutshell: the Right to be Forgotten as proposed by the Commission is necessary, reasonable and workable. I am happy Ministers agree that this right should be one of the key pillars of the Regulation.
Let me say a few words on the third point, the administrative sanctions: I firmly believe that sanctions for mishandling or misusing personal data must be appropriate, proportionate and dissuasive; otherwise they will not be a deterrent.
Today, there are often no sanctions at all or they are so low that infringers pay the fine, laugh at the law and continue their breaches. We must put a stop to this. It would undermine the entire Regulation, let down individuals whose rights have been infringed and penalise the companies who do a good job.
I know this particular aspect is not very popular with companies – but if you play by the rules then you have nothing to fear!
The principle is the same as applied when calculating sanctions in other areas, such as in EU competition law for example. I find it difficult to see why under EU competition law a company can face a fine of up to 10% of its overall annual turnover, but a company that processes illegally the data of millions of people, up until today can face only a maximum fine of 600,000 euro - if at all.
I am therefore pleased that ministers today agreed on the need for data protection authorities to have strong and dissuasive sanctions at their disposal - if needed.
These three aspects are all important features of a data protection framework that is fit for 21st century technology and 21st century data processing practices. These three elements are indeed key building blocks of the proposal, and essential elements for the success of this Regulation. I am happy we could agree on this today.
Let me also just say a word on another topic we discussed under the Justice for Growth agenda: modernising Europe’s rules in cross-border insolvencies.
I am very pleased that the Presidency attaches the same importance that I do to this issue. This reform will benefit our businesses and citizens in these economically difficult times.
After a decade of experience we have proposed to modernise the cross-border insolvency rules from 2000 so that the rules support the restructuring of business in difficulties and create a business-friendly environment, rather than leading to liquidation. This is particularly important in times of crisis: we need to lend a helping hand to our businesses when the going is rough.
Available data speak volumes about the urgent need to create modern and efficient procedures for cross-border insolvency cases: Around 50% of enterprises do not survive the first 5 years of their existence, meaning that an average of 200,000 firms are going bankrupt across the EU each year, resulting in direct job losses of 1.7 million every year. Around a quarter of these bankruptcies have a cross-border element.
Some of these businesses are not financially viable in the long-term, but to those which are, we want to give both them and the people they employ a second chance. We are not talking about only large, multinational firms here. There are more than one million SMEs in Europe which have subsidiaries or joint ventures abroad.
I have now proposed the following amendments to the Regulation:
All in all, the changes will improve the efficiency and effectiveness of cross-border insolvency proceedings, affecting around 50,000 European businesses a year.
I look forward to continuing our fruitful discussions during the Irish Presidency and making swift progress on these important reforms.