EU DPAs may be given discretion to decide level of fines

A leaked document sent on 21 June from the Irish Presidency of the EU Council of Ministers to the Data Protection Working Party on Information Exchange and Data Protection (DAPIX) reveals that the administrative fines in the planned EU DP regulation may be discretionary if this proposal is adopted. According to the document, instead of issuing fines of up to 2% of companies’ annual global turnover for serious breaches of the Regulation, supervisory authorities could use their discretion, and take into account several mitigating factors such as:
1. the financial situation of the organisation,
2. any previous infringements, or
3. action taken by the organisation to mitigate damage to individuals.

In less serious cases, a warning or a nominal sanction might apply. This position was supported by Lord McNally, UK Justice Minister, who spoke at PL&B’s 26th Annual International Conference, Cambridge.

It would be left to each Member State to decide whether and to what extent administrative fines would be imposed on public authorities.
These details have not been decided as the final negotiations between the Council of the European Union and the European Parliament have not yet started. The Parliament is now expected to vote on its final position in September.

The document is published by Statewatch.