New European Union Data Protection Regulations expected to be finalised today will kill the trading bloc’s cloud computing industry and push internet companies out of the continent.
That is the warning of technology giants as diverse as SAP, IBM, Cisco and Amazon.
The new regulations, which are expected to be finalised today after a tortuous three-year process will, according to Reuters, enable EU citizens not just to sue companies that hold their personal data, but also organisations that process it on their behalf.
On top of that, organisations found to be in contravention of the regulations will face swingeing fines calculated as a percentage of turnover.
But the measures, according to Reuters, have been opposed not just by US technology and internet giants, such as Cisco, IBM and Amazon, but also German software giant SAP. They say that the regulations will kill off Europe’s cloud computing industry and drive companies out of the trading bloc.
The data protection rules are being brought in under the mechanism of a “regulation” rather than a directive in order to make them directly applicable across the EU. Directives, in contrast, have to be translated into member states’ own laws, a process that has led to wide variations in interpretation and enforcement across the EU.
EU officials claim, however, that the regulations are required to harmonise data protection across Europe as part of plans to create a unified market in digital services. The officials claim that such harmonisation across the 28-country bloc – even if opposed by technology and internet companies – will boost economic growth across the EU.
“Under the current, 20-year-old system, cloud providers – companies offering remote storing and processing of data on servers – would classify as ‘processors’ since they do not collect the data themselves. That means they are not held liable for using the data illegally unless they breach the contract with the company for whom they are processing – the data ‘controller’,” explains Reuters.
Despite opposition from technology giants, EU government ministers are expected to reach agreement on the new regulations today at a meeting in Luxembourg.
Technology companies say that the current system is straightforward and works perfectly well as it gives citizens a single point of contact if, for example, a bank breaks data protection rules. By extending responsibility to the bank’s suppliers, it risks forcing cloud computing and other services providers outside of the European Union and its associate members.
“It is important that consumers and businesses understand who ultimately is responsible for processing their data,” Liam Benham, vice president of government and regulatory affairs at IBM, told Reuters. “Now the EU’s draft Data Protection Regulation risks blurring these lines of responsibility, setting the stage for lengthy and costly legal disputes, which will be perplexing for consumers and businesses alike.”