Council of European Municipalities and Regions (CEMR)
European section of United Cities and Local Governments

Home / News / In-depth news / EU data protection
next > < previous

Local and regional governments as service providers

EU data protection - 31.01.2013

If applied to the public sector, EU data protection regulation will fail to improve citizen’s rights, but at major cost to the taxpayer
Local and regional authorities in Europe warn that the new draft regulation on data protection has been elaborated with the private sector alone in mind and, if applied to the public sector, will create additional costs for municipalities and regions with very little benefit to the population.

This warning comes after a meeting the Council of European Municipalities and Regions (CEMR) had with the European Parliament rapporteur on the issue, Jan Philipp Albrecht, as the debate on the European Commission’s proposal for a regulation on data protection continues.  Until now, the public sector was not adequately heard during the decision-making process despite the regulation’s strong impact on public authorities.

It is important to underline that the public sector uses personal data to help provide public services, such as allotting housing allowances, and not for commercial purposes like private sector giants, such as Google or Facebook.  Furthermore, in terms of public opinion, fears of data leaks are generally limited to large private companies collecting data for commercial ends.  However, according to the proposed regulation, local and regional authorities would have to update, and in some cases completely redesign, their data software in order to conform to EU standards, a costly endeavour in today’s financial context.

As an example of the heightened administrative costs foreseen, the UK government published an impact assessment, which estimated the total net cost for implementation of the regulation’s proposals in the United Kingdom at £250 million (€292 million) per year.

While local and regional authorities support a comprehensive reform of data protection rules, they believe the public sector needs to be properly considered in the regulation, especially since data protection in local and regional government administrations is already strictly regulated by national laws fashioned in compliance with the existing directive.

One size does not fit all

The proposed regulation would prevent stricter rules from being applied in the future, for instance with data processed by registration offices, welfare offices and hospitals, as some countries currently protect data above and beyond European standards.  In Denmark, Germany and Austria, for example, the data protection levels in the public sector are among the highest within the EU.  However, if the public sector in these countries were subjected to the same rules as the private sector, the level of protection would be diminished.  In CEMR’s opinion the rights of our citizens should outweigh the need for a European personal data internal market.

As an alternative, the protection of personal data in the public sector could be improved by revising the current directive rather than applying the proposed regulation. This would improve citizens’ rights and adapt data protection rules in the public sector to modern day technical requirements with relatively low administrative costs and more consideration for the different data protection laws already in place in member states.

CEMR position on the Commission’s proposal on general data protection regulation
Développez vos ventes : conseil marketing Organisation - Audit, conseil, coaching, formation référencement sur Google de site Internet - Audit, conseil, coaching, formation Référencement naturel sur Google, SEO