Online Protection

Data Privacy Plan Gets Mixed Reviews

  • Why it matters

    Why it matters

    The E.U.’s plan to tighten online data protection in the 28-nation bloc is getting mixed reviews, with advocates hailing a digital right to be forgotten and skeptics saying that loopholes will undermine its supposed benefits.

  • Facts


    • Companies would face fines of up to 4 percent of sales for data protection infractions.
    • The proposal would raise the minimum age for digital consent to 16 from 13 years old.
    • The E.U. Commission estimates the new plan, which still requires final approval, will save businesses €2.3 billion, or $2.5 billion, per year by eliminating red tape.
  • Audio


  • Pdf

data timothy fadek new york times redux laif


Jean-Philipp Albrecht is happy – an emotion the German Green Party member had not experienced much over the last four years as the European Parliament’s lead negotiator on data protection reforms.

That’s understandable given the highly contentious nature of the data protection debate in Europe, where data “purists” battle with web businesses and the continent’s bloated government privacy bureacracy over the future of online trade.

Europe’s most recent update to the E.U.’s data protection directive attracted nearly 4,000 requests from lawmakers to change Mr. Albrecht’s reform. The German government, with its demands to protect companies from onerous regulation, was among the most vigorous in trying to shape the outcome.

Finally, on Tuesday night, Mr. Albrecht found his relief when the European Commission, the European Parliament and the heads of government from the bloc’s 28 countries reached a compromise he called “a giant step.”

Internet users and data protection advocates in Germany, where deep-rooted privacy concerns helped propel the reforms, had reason to share Mr. Albrecht’s euphoria.

After all, the new regulations represent a significant improvement for data protection.

Now enshrined is a legal “right to be forgotten” for Internet users wishing to delete information on the Web, and new consumer protections over how their personal online data can be processed, as well as simplified procedures for filing complaints with companies that conduct illegal “data mining.”

“The agreement over data protection reform is good news for data protection in Europe,” said Andrea Vosshoff, a German government spokesperson on data protection issues.

The German justice minister, Heiko Maas, praised the reform as “progress for Germany and Europe” that would strengthen the ability of individuals to control their personal information on the Internet.

But reactions from the business community – both in Germany and abroad in Europe and in the United States – are decidedly mixed, and often negative.

Internet companies, which closely watched the negotiations, wanted more lax data protections. Now it appears that at least some of their fears have become reality.

The rules will affect big Silicon Valley tech companies such as Google and Facebook, which previously sidestepped Europe’s stricter national data protection policies by locating in countries with the weakest regulations.

Internet companies, which closely watched the negotiations, wanted more lax data protections. Now it appears that at least some of their fears have become reality.

They now face fines of up to four percent of their annual revenue for breaking the E.U.-wide law, which could add up to real money for giants like Google and Facebook, making data protection infractions potentially as costly as antitrust violations.

Facebook, Instagram, Pintrest and others can’t be pleased with the decision to lift the minimum age for digital consent to 16 from 13 years old. Teenagers under 16 will first need to get permission from parents to use many social networks.

Google, as is typically its policy, declined to comment on the reforms, while Facebook welcomed a uniform European standard over the current patchwork approach.

That’s one aspect of the reform that should please companies.

“Uniform rules throughout Europe make sense,” said Holger Lösch, an executive board member at the Federation of German Industries.

The European Commission estimates the streamlined regulations will save European businesses €2.3 billion, or $2.5 billion, per year by eliminating red tape.

Thomas Kremer, a board member for data privacy at Deutsche Telekom, the German carrier, praised the regulation as a “great step on the path to fair competition” between American and German companies. Deutsche Telekom is still nearly a quarter owned by the German government.

But other companies are concerned because E.U. countries can still implement some rules as they choose. Some are concerned that the new law does not specify what actually constitutes digital consent, according to Bitkom, a Berlin-based trade association for German information technology companies.

“The extent of possible fines is not the problem, but rather that the regulation does not make clear what is punishable,” said Susanne Dehmel, the head of data protection at Bitkom.

The new law will make it difficult for small- to mid-sized companies to develop business models, said trade group Bundesverband Digitale Wirtschaft, which represents companies in Internet marketing and digital content.

Many German politicians were also mixed about the reforms.

“With the numerous escape clauses, the goal of uniform data protection in Europe will not be reached,” said Thomas Jarzombek, a Christian Democrat who represents his party on digital issues in the Bundestag.

Sören Bartol, a Bundestag member who represents Internet policies for the Social Democrats, was more optimistic.

“Innovative companies in Germany whose strength is data protection will profit from the new rules,” Mr. Bartol told Handelsblatt.

The upper chamber of European parliament, which represents the member governments, and the E.U. Parliament must still approve the reforms. The European Commission expects this to happen in early 2016, and the law to go into effect in 2018.

Thomas Ludwig is a Handelsblatt correspondent in Brussels. Anja Stehle is a volunteer at the Georg von Holtzbrinck School of Journalism in Düsseldorf. Dana Heide is a Handelsblatt editor who writes about energy policy and small- and mid-sized companies. Christof Kerkmann is a Handelsblatt editor who writes about technology. Ina Karabasz is a Handelsblatt editor who writes about telecommunications, IT and security issues. To contact the authors:,,, and




We hope you enjoyed this article

Make sure to sign up for our free newsletters too!