The European Union has taken steps to beef up cybersecurity in 2013, approving new rules to outlaw NSA surveillance tactics and codifying a new set of boundaries for what qualifies as personally identifiable information (PII).
But when will the EU put those rules into effect? Only after they are signed into law by each of the EU’s member states… which is taking a lot longer than initially expected and could drag well into 2014.
An EU official who spoke with reporters on Dec. 2 says that some nations have demanded more time to sign off on a law that would provide strong punishments for privacy violations. According to the official, the measures are too complicated and sensitive for the nations to reach a full resolution this week.
According to Bloomberg, the proposed measures are unlikely to be adopted before European Parliament elections in May. This comes after an October announcement that the EU was dropping a planned 2014 deadline in favor of a pledge to introduce the measures in a “timely fashion.”
Members of the European Union committees that developed the frameworks say that widespread adoption was never a realistic option at this stage. However, officials also say that they are hopeful the measures will be adopted soon. “European heads of state and government committed to a ‘timely’ adoption of the new data protection legislation” and ministers “should now deliver on this commitment and adopt the EU’s data protection reform swiftly,” said Mina Andreeva, spokeswoman of EU Justice Commissioner Viviane Reding.
However, some countries have been outspoken in their desire to take their time with the process. The U.K. spearheaded the push to amend the 2014 deadline for introduction, and country officials want the plan to be perfected before anything is introduced. “I want to see us agreeing data protection legislation that works for the U.K.,” U.K. Justice Secretary Chris Grayling told Bloomberg in a statement. “As the Prime Minister has made clear, it is better we take the time to get this right rather than rush into something that proves unworkable and costly.”
For more on the legal wrangling surrounding cybersecurity, check out these InsideCounsel articles: