I thought I would write a blog that explains where we are in relation to the Regulation.
Just over two years ago, the European Commission published a proposal for a Data Protection Regulation to replace Directive 95/46/EC. Following publication, the Commission’s text has been scrutinised by the European Parliament and by the Council of Ministers. Each of European Parliament and the Council of Ministers can propose amendments to the Commission’s proposals and each approves a text containing amendments to the original Commission’s proposals.
The process results in two texts which, if approved, then go through a reconciliation procedure, which if successful, results in a compromise text agreed by the Parliament, Commission and the Council of Ministers. This compromise text becomes the Regulation enacted into law; if reconciliation is not possible, then the Commission’s proposal does not become law.
Last December, the LIBE Committee of the European Parliament agreed amendments to the Commission’s text (and this gained approval in the Parliament) but the Council of Ministers have not agreed its amendments; so the reconciliation procedure has not even commenced.
The reason for the failure of the Council of Ministers to agree a set of amendments is complex as there is common agreement that Directive 95/46/EC needs updating; however, there is no agreement as to the “with what”.
There are a number of Member States that want a Directive instead of a Regulation and there are a number of States that want an exclusion in the Regulation for the public sector; in practice there are a diverse number of alliances between Member States that express reservations over specific proposals (e.g. the level of prescription imposed on data controllers, granting extensive powers to the Commission).
In other words, the opposition to the proposals in the Regulation is not simple as, for example, saying that the UK and Irish are opposing whereas the Germans and French agree with most of it. If that were to be the case, a simple qualified vote would have determined the issue.
Because of the number of reservations from diverse Member States, and to avoid making premature, unchangeable decisions, Member States agreed to discuss issues in expert DAPIX committees and delay voting until majority agreement on a final text was in sight. It was assumed by many that this vote could have occurred at a Council of Ministers’ meeting held on December 6th last year.
However, at that meeting the legal counsel for the Council of Ministers (the appropriately named Mr. Legal) dropped a bombshell. He said that if the “one-stop shop” was implemented (this is the idea that when doing business in European Union, the data controller has one data protection regime and regulator to consider), it would be to the great detriment to data subjects and not compliant with the European Convention of Human Rights.
This legal position was publically disputed by legal counsel for the Commission. Council of Ministers agreed to delay a decision until the legal position was resolved. This has given rise to all the serious doubts as to whether this proposal will survive in its current form, especially if the legal counsel for the Council of Ministers does not change his mind, as the “one-stop shop” is a central to the original Commission’s proposal.
Even before this legal intervention, there was talk of carrying over the proposal for a Regulation to the next Parliamentary session and this accounts for the statement in the Communiqué issued after the European Summit Meeting of Heads of State (end of October). This said “It is important to foster the trust of citizens and businesses in the digital economy. The timely adoption of a strong EU General Data Protection framework and the Cyber-security Directive is essential for the completion of the Digital Single Market by 2015”.
Resolving the one-stop shop problem has been a focus of the Greek Presidency which commenced in January 2014. The Greeks have timetabled many DAPIX meetings between civil servants from Member States to discuss the Regulation and to try and fashion an agreement. However, this process has not been particularly transparent and no leaks have occurred; the lack of leaks is surprising as last year DAPIX leaked like a sieve.
Also in January, the European Parliament, Commission and Council agreed on a roadmap on the margins of the informal JHA Council in Athens in late January: Adoption of a (partial) general approach under the Greek presidency, trilogue and final agreement on a text is the objective before the end of 2014. Well that is the theory anyway.
As readers know, I am on the UK Government’s Advisory Committee on the Regulation. It has not met this year, nor are meetings planned, so clearly the Government is not in need of advice. Some commentators think this is because the UK has been side-lined in the debate and whatever its views are, they carry no weight.
This is only part of the reason. I think that the UK Government is keeping stum because it is waiting to see what happens after the European Elections, perhaps hoping for a more favourable (euro-sceptic) outcome. Also Vivien Reding is moving on; she appears to be “dead-woman walking” as her term ends on October 31st. Indeed there are rumours that the Luxembourg Government is choosing another Commissioner which means that Ms. Reding will have to develop her political career elsewhere.
Finally, the European Parliament is likely to conclude its first reading with a vote (on the un-changed LIBE text) in plenary in March (most likely 11th). This means that the likely outcome will be that European Parliament will have agreed a text of the Regulation but the Council of Ministers will not and whether the next Parliament (after May’s elections) will agree with the previous Parliament is very uncertain.
In summary, there is no agreement! And progress in the second half of 2014 is also a moot point. In short, I think it’s back to the drawing board – and if I were a betting person, any final agreement in the near future will be an agreement to make some minor tweaks to Directive 95/46/EC.
These deal with Member States view on the Regulation text
Ms Reding heralds a “disappointing day for data protection” as leading lawyers have a public cat-fight http://amberhawk.typepad.com/amberhawk/2013/12/ms-reding-heralds-a-disappointing-day-for-data-protection-as-leading-lawyers-have-a-public-cat-fight.html
EU’s Data Protection Regulation: divisions exposed as Member States show disharmony. http://amberhawk.typepad.com/amberhawk/2012/03/eus-data-protection-regulation-divisions-exposed-as-member-states-show-disharmony.html
Expect 1,000 objections by Member States to the EU’s Data Protection Regulation: http://amberhawk.typepad.com/amberhawk/2012/06/expect-1000-objections-by-member-states-to-the-eus-data-protection-regulation.html