EU Panel Data Protection Regulation Vote Delayed Until Fall by Amendments, PRISM

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Stephen Gardner  


BRUSSELS--A first binding European Parliament vote on the draft European Union data protection regulation will now not take place until September at the earliest, a Parliament official told BNA June 24, citing the complexity of the dossier and the large number of amendments as the main reasons for the delay.

The European Parliament official added that a secondary reason for delaying the Civil Liberties, Justice and Home Affairs Committee vote was the controversy surrounding the U.S. PRISM internet surveillance program.

Third Delay by Committee

The delay is the third announced by the panel in recent months.

The proposed data protection regulation, which was released in January 2012 to replace the 1995 EU Data Protection Directive (95/46/EC) (11 PVLR 178, 1/30/12), was originally scheduled for a vote in the committee in April.

The vote was postponed until May (12 PVLR 524, 3/25/13), and then again until June or July (12 PVLR 842, 5/13/13), as Jan Philipp Albrecht, the German Green lawmaker who is the parliament’s lead negotiator on the dossier, struggled with more than 3,000 amendments to the draft text.

The European Parliament official, who asked not to be named, said that “everybody is overwhelmed a bit; it’s too many amendments, we’re still working on them.”

If a vote is not possible at a Civil Liberties Committee meeting in September, it could take place in October, the official said.

The reform of the European Union’s data protection regime has attracted huge interest from governments, campaign groups and businesses, and it is considered one of the bloc’s most heavily lobbied draft laws.

Once the Civil Liberties Committee adopts its position on the draft regulation, that position will either be put to a vote of the full European Parliament, prior to negotiations on the regulation with the EU Council, the EU institution that represents the governments of EU member states, or Albrecht will enter direct negotiations with the EU Council, with the resulting agreement then put to a vote of the full European Parliament.

PRISM Concerns

The Civil Liberties Committee decided to delay its vote at the close of its meeting June 19 with European Commission Vice-President Viviane Reding.

Reding told the committee that access by U.S. authorities to the personal data of EU citizens under the PRISM program could be illegal under international law (12 PVLR 1120, 6/24/13).

There was “broad consensus among [the European Parliament’s] political groups” that a clause on “disclosures not authorized by Union law” should be inserted back into the draft data protection regulation, the official said.

The clause appeared as Article 42 in a leaked draft regulation proposal, but it had been dropped when the Commission published the final proposal (10 PVLR 1806, 12/12/11).

The article would forbid any company from handing the personal data of EU citizens over to non-EU governments unless the disclosure was done in accordance with a mutual legal assistance treaty or equivalent agreement.

The delay in finalizing the Civil Liberties Committee’s position increases the risk that the data protection regulation will not be adopted by the EU institutions before European Parliament elections in May 2014.

If the reform has not been completed by that time, the new European Parliament elected in May 2014 would have to decide if it wants to proceed with the dossier or return it to the European Commission. In the latter case, the Commission would then be required to submit a new proposal, and deliberations in the European Parliament and the EU Council would have to restart.

Request Bloomberg Law: Privacy & Data Security