The European Union's justice commissioner Viviane Reding is convinced that her proposed data protection package will be adopted next year, even though ministers continue to disagree on some of the more delicate points laid out in the planned rules.
Brussels' vice president said ahead of a meeting with the justice and home affairs council in Luxembourg on Friday that "all companies operating on European soil have to apply the rules" and added that "now is the day for the European ministers to give a positive answer to [NSA whistleblower Edward] Snowden's wake-up call."
But by the end of the confab clear divisions remained around how nations in the 28-member-state bloc would enforce such rules on companies such as Google and Facebook that offered services across the EU.
Instead, the council was only able to partially agree to a general approach on specific issues of the regulation.
Reding first tabled her data protection reform package in early 2012. It underwent more than 4,000 amendments before support was cemented from MEPs in March this year.
But, perhaps unsurprisingly, justice ministers are being even more finicky about the planned legislation to overhaul rules that were written in the infancy of the web in 1995.
Justice Commissioner Viv Reding in Luxembourg on Friday
The Greek Presidency, which chaired Friday's meeting, said the council had essentially struck a fragmented deal on the planned DP rewrite. It said the agreement included the territorial scope, the respective definitions of binding corporate rules and international organisation and the transfer of personal data to third countries or international outfits.
However, justice ministers failed to reach a deal on the controversial one-stop-shop mechanism - which was criticised by the European Council's legal service chief, Hubert Legal, late last year when he questioned whether the measure was lawful, opining that it might breach European citizens' human rights.
The proposed rule is supposed to cut red tape for businesses operating across EU countries, giving them one port of call for data-protection issues.
“We have devoted a lot of effort to this proposal. Sufficient progress has been made to support a partial general approach. Today’s agreement constitutes a good basis for future work”, said the council's chair Charalampos Athanasiou.
After the meeting, Reding tweeted that "reform [was] on the right track after justice ministers just agreed we need clear rules on international data transfers".
The European Data Protection Supervisor (EDPS) said (PDF) the council needed to respond much more swiftly to the proposed reforms. It opined that "substantive progress" needed to happen quickly and urged ministers "not to weaken what is currently a robust and comprehensive proposal for a regulation."
The EDPS considers it imperative that EU rules on data protection are reformed urgently, not only to provide more consistency and uniformity in data protection across the EU, but most of all to ensure that the fundamental rights to privacy and data protection of all individuals in the EU are effectively protected.
EU citizens are more aware than ever of the importance of their personal data, and increasingly sceptical of the ability of governments to protect them. The Council must act now and it must act boldly to restore public trust in EU data protection policy.