In an interview to BNS, Kunčinas says that the Lithuanian presidency over the EU Council is expected to hand over the discussions on the new regulations to the European Parliament, although a broader discussion may make decision-making more difficult.
"In my opinion, which is based on the atmosphere in the European Commission, they want the regulation to be adopted by this term of the European Parliament. If this EP fails, the issue will be postponed for long, as it will take a long time for the new parliament to gain good understanding of the matter," the director said.
"I believe extensive efforts will be made to make sure that the document is adopted by this tenure of the European Parliament. This is why there is the strife (…) to have the draft regulation at least reach the EP during the Lithuanian presidency," said Kunčinas.
In his words, former US intelligence agent Edward Snowden did not reveal anything unexpected when he leaked information about the electronic spying program PRISM used by the US, which enabled large-scale data collection on users of Internet giants Google, Facebook, Skype and other American companies in Europe and beyond.
"I believe he said nothing new indeed. Everyone knew about this but chose to keep quiet. I have always said that at least two or three global intelligence agencies with sufficient funds register everything in the field of telephone conversations and Internet. The intelligence agencies either buy it or receive the data from the companies, as the case was in the United States – since all the main Internet companies like Google and Facebook are based in the United States – I don't know what kind of relations they have with the federal administration," he said.
In Kunčinas' words, the spying scandal and discussion of the regulation are not directly related.
"I believe there is no link between the two issues. Data protection is one thing, while operation of secret services is a different thing. This should not be a problem, as when we talk about Snowden, the problem is on the political, intelligence and moral level. The problem is that information technologies enable to collect a mass of data, while its further use in legal and illegal ways is an entirely different matter," said the director of the Lithuanian inspectorate.
He says that specific discussions of the future European data protection rules are still premature.
"The discussions are now held at the DAPIX committee, Lithuania has taken over presidency over the committee (…), after that the draft will be submitted to the European Parliament. Over 2,000 amendments have been registered at the European Parliament to the initial draft. It is now hard to predict the final outcome. Many discussions are underway, the task force including representatives of member-states may have opinions that are not conflicting but highly different – at least 20-30 different opinions," Kunčinas said.
In his words, one of the main principles of the reform lies in replacing the existing directive with a regulation, which will be applied directly. The existing 1995 directive allegedly led to a situation which allowed different regulation of the same area in different member-states.
"For instance, when we agreed with Google Street View, the matters were settled in a rather different manner in Latvia, Lithuania, and Estonia. The situation is not good, when the European Union is solving many matters jointly. On the other hand, when we move to these things with the United States and elsewhere, it is better to not have Lithuania, for example, fight with Google or the United States but the European Union do this as a unified and powerful unit," Kunčinas told BNS.
He says the reform is also due to the fact that the old directive no longer reflects technological realities.
"The directive was adopted back in 1995, so 17 years had passed before the reform was launched, it is now 18 years old. Information technologies progress every day. At that time, the Internet was at its infancy, I don't know how many computers you could count in Lithuania at the time. Only a few enthusiasts had Internet connection. Then there came video surveillance – ten years ago, it was only the police and special services that used video surveillance, now it is available to anyone. So the possibilities today are entirely different, leave alone the new technologies available today that did not exist at the time – detection by smell or voice, which requires constant changes to the regulation of data protection. That is why new legal regulation is necessary," said the director of the State Data Protection Inspectorate.
One of the innovations of the planned regulation involves higher fines for violations of data protection. National data protection inspectorates are planned to impose fines of up to 1 million euros for violating data protection rules, while fines for companies could amount to 2 percent of their annual turnover.
"Now every European Union member-state have different fines. In Lithuania, the fines are ridiculously low, as compared with other countries – 600 litas for the first offense and a double for the second time. Furthermore, Lithuania cannot impose fines on legal entities, only individuals. Other countries, for instance, Estonia, even have criminal liability for violating data protection principles, fines there amount to tens of thousands of euros. Therefore, the regulation will envisage very large fines of incomprehensible size," said Kunčinas.
In his words, the scandal about European data stored by the US government did not only reveal a legal gap but also serves as a warning for cautious behavior online.
"My behavior on forest paths is different from that on a highway, which involves somewhat different rules: you have to think of others who can drive there and the speeds they can reach. This is similar – if I go online, I need to know that it is more than just flowers and rivers of milk with honey banks, they involve all types of threats," said the director of the State Data Protection Inspectorate.
