The standardization of legislation will set at tight framework for all data processing businesses operating in Europe
Due to the memory of its own history, Germany has always placed an emphasis on data privacy – but the global mass surveillance disclosures have increased the profile of this issue even more. Correspondingly, the negotiations of the General Data Protection Regulation, which is designed to standardize legislation in the EU, are almost exclusively driven by German policy makers within the European Commission, European Parliament and Council of Ministers.
Although the standardization of data protection legislation is at the forefront of the EU’s agenda, the parliament, commission and member states have thus far failed to agree on a proposal. While many of the member states’ representatives in the council of ministers seem to acknowledge the perspective of businesses, a majority in the parliament wants to establish a tight framework for the commercial use of private data. Its current draft implements the principle of ‘prohibition of conditional permission’, prohibiting any company that processes data of European customers to collect, process and use the data of a person if the person has not given informed and explicit consent.
Regardless of whether or not parliament or council succeed, however, the process is an indication of a political tendency, highlighting that data processing corporations operating in Europe will face much stricter legislation, effectively threatening their operations in the long-term.