The new system is opposed by companies such as Germany's SAP SE,
International Business Machines Corp, Cisco Systems Inc and
Amazon.com Inc who say it will kill off Europe's cloud computing
industry, as well as introduce uncertainty in business to business
relations.
EU officials say the issue has been the subject of fierce lobbying
from companies, who warn it could hamper the creation of a unified
market in digital services, a key plank of the European Commission's
agenda to boost economic growth in the 28-nation EU.
Under the current, 20-year-old system, cloud providers - companies
offering remote storing and processing of data on servers - would
classify as "processors" since they do not collect the data
themselves. That means they are not held liable for using the data
illegally unless they breach the contract with the company for whom
they are processing - the data "controller."
EU ministers will seek to reach an agreement on the data protection
reform at a meeting in Luxembourg on Monday, after which final
negotiations with the European Parliament will start.
"One key issue is who pays if rules (are) broken," said an EU
diplomat.
Companies argue that the current system works well and makes it
easier for consumers by giving them a single point of contact. For
example, if a bank breaks data protection laws, it would make more
sense for the person affected to sue the bank, rather than the
companies to which it outsources its human resources functions.
"It is important that consumers and businesses understand who
ultimately is responsible for processing their data," said Liam
Benham, Vice President of Government and Regulatory Affairs at IBM.
"Now the EU's draft Data Protection Regulation risks blurring these
lines of responsibility, setting the stage for lengthy and costly
legal disputes, which will be perplexing for consumers and
businesses alike."
[to top of second column] |
Part of the reason for spreading responsibility across several
players is that data is often collected by one company, stored by
another and processed by a third.
Additionally, many cloud providers are large companies such as SAP,
Cisco and Amazon. The Commission feared cloud companies would be
able to impose unfair terms on small businesses who would then bear
the brunt of the responsibility if something went wrong.
"If an SME finds it hard to find a processor that doesn't want to
comply with European contract terms, there is plenty of choice,"
said Rene Summer, spokesman for the Coalition of European
Organizations on Data Protection, which includes SAP, Nokia Oyj and
Ericsson.
(Reporting by Julia Fioretti. Editing by Andre Grenon)
[© 2015 Thomson Reuters. All rights
reserved.] Copyright 2015 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
|