The EU approach to privacy, which has placed responsibility for data protection in the hands of national governments and regulators is failing and will be replaced by a single set of regulations for member states, according to documents leaked from the European Commission.

The draft regulation, obtained by campaign group Statewatch, and confirmed as genuine by The Register, would come into effect immediately if approved. A regulation is the strongest EU legal instrument – in effect it “trumps” national laws – and is a clear sign that leaving responsibility for data privacy in the hands of national bodies is an approach that is seen to have failed by Brussels.

The current approach “has not prevented fragmentation in the way personal data protection is implemented across the Union, legal uncertainty and a widespread public perception that there are significant risks associated notably with online activity,” says the document.

EU citizens have a right to the same level of protection of personal data throughout the Union, and while market forces encourage transfers of personal data across national borders, a fragmented privacy regime will inhibit this flow, says the draft.

“Member States cannot alone reduce the problems in the current situation, particularly those due to the fragmentation in national legislations,” it says.