EU Privacy Regulation Talks on Track, Lawmaker Says

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Stephen Gardner

Oct. 13 —Three-way talks between European Union institutions to arrive at a final text of the bloc's new data protection regulation by the end of 2015 are proceeding well, although major “political issues” remain to be resolved, the European Parliament's lead representative on the legislative dossier said Oct. 12.

German Green lawmaker Jan Philipp Albrecht said that there was broad agreement on “70 to 80 percent of the text” of chapters of the draft regulation covering the principles of personal data processing, data subject rights and the responsibilities of data controllers and processors, as he reported to the European Parliament's Civil Liberties, Justice and Home Affairs Committee (LIBE).

However, some important questions remained outstanding, including “the form and the conditions for the individual to give consent” to processing of their personal data, how purpose limitation and data minimization should be defined and some issues related to the provision of information to data subjects, Albrecht said.

In addition, the European Parliament was pushing in the negotiations for a more harmonized EU-level framework for the appointment of in-house data protection officers by company and other organization data controllers. The Council of the EU, which represents the governments of the 28 EU countries, however, is seeking to leave that decision to the member states, Albrecht said.

But despite differences between the negotiating parties, “I still see it very realistically possible that we conclude an agreement with the council before the end of the year,” Albrecht said.

International Data Transfers 

The trialogue negotiations are between the European Parliament, the Council of the EU and the European Commission, the EU's executive arm that originally proposed the data protection regulation in 2012 to replace the 1995 Data Protection Regulation (95/46/EC).

The negotiations started in June after EU member state justice ministers in the council signed off their position on the proposed law.

In the negotiations, the representatives of the EU institutions seek to agree on a common text that can then be put to ratification votes in the parliament and council. If the schedule for concluding the trialogue discussions by the end of the year is met, ratification would take place in early 2016.

In July, Albrecht said negotiators had largely agreed on the draft regulation's chapter that deals with international transfers of personal data from the EU.

Albrecht said Oct. 12 that in connection with global cross-border transfers, negotiators would take into account the EU Court of Justice's Oct. 6 ruling that suspended the U.S.-EU Safe Harbor arrangement for transfers to the U.S. on the basis that the data protection regime in the U.S. is inadequate.

Negotiators on the finalization of the data protection regulation would consider “how far it is necessary to renegotiate” data transfer issues in light of the Safe Harbor ruling, Albrecht said.

Enforcement to Be Discussed Next 

Albrecht told LIBE Oct. 12 that there were “quite a lot of issues where we are very near to each other.”

The next stage of talks will deal with chapters on the roles of data protection regulators and how they should cooperate to enforce the regulation in a harmonized way, Albrecht said.

A “consistent application” of the proposed regulation was “one of the core issues of this reform,” he added.

To contact the reporter on this story: Stephen Gardner in Brussels at correspondents@bna.com

To contact the editor on this story: Donald G. Aplin at daplin@bna.com