It is perhaps no surprise that the European Data Protection Supervisor (EDPS) agrees with my view in my blog of 5th January that there is an urgent need for greater harmonisation of data protection laws in Europe. The EDPS describes the lack of harmonisation as “one of the essential shortcomings of the current framework” in its recent Opinion of 14th January 2011, particularly in an “information society where physical borders between Member States are less and less relevant” and emphasises the need of uniformity in approach to “enhance legal certainty, reduce the administrative burden and ensure a level playing field for economic operators across member states”.
The EDPS provides its view on the key areas for harmonisation which include the lawfulness and grounds for processing (in particular clarification on the legitimate interests ground due to its flexible nature), data subject rights, a uniform registration process, international transfers (an area widely criticised due to the impact on international business) and the resources and powers of regulators (which will impact the effectiveness of national law even if harmonised).
It also proposes a simple solution to achieve such harmonisation; enact an EU Regulation.
Regulations have direct effect (e.g. are enforceable without the need for member states to implement them in national law), thus removing the risk of divergence in interpretation as compared to Directives that have no effect until enacted in national legislation.
That said, because a Regulation takes the place of national legislation, effectively needing the approval of each Member State, they can take literally years to agree. A Regulation may be useful if the areas for harmonisation are narrowly defined, but given the broad scope of issues identified for harmonisation, I can forsee years of argument as to what the uniform European position should be given the current divergent approaches between certain member states.
Whilst a Directive could not harmonise laws in their entirety, it may provide a faster solution to bring member states in line in crucial areas. As member states have an element of discretion in implementation, Directives are approved in much shorter timeframes than Regulations.
A key question is how long can Europe wait to address the lack of uniformity given its potential impact on business and investment? Is it better to take the long road to a Regulation, or try and fix the critical areas more quickly by way of Directive acknowledging that it may not produce the level of harmonisation desired. What do you think?