Critical times for EU DP draft Regulation as UK tries to delay it

At last week’s European Council meeting, the UK’s Prime Minister, David Cameron, pushed his counterparts to agree on a 2015 deadline, which could mean that the EU Data Protection Regulation would not be adopted under the current Commission, and the text would then most likely be redrafted in the future.

The EU national leaders adopted the following conclusion: ‘The timely adoption of a strong EU General Data Protection framework and the Cyber-security Directive is essential for the completion of the Digital Single Market by 2015.’

However, according to EurActiv, a senior EU official said on condition of anonymity that Cameron had began the summit negotiations arguing that it would be better to have no deadline at all. The EU source suggested that the UK and Sweden alone could not veto the proposal. The European Commission considers that on a qualified majority vote, the draft Regulation could be adopted by the Council of Ministers by next spring, EurActiv says.

Also last week, the European Parliament approved its compromise text on the draft Regulation, which means that it is now in a position to start negotiations with the EU Commission and the Council of Ministers, once the Council has reached internal agreement.

The Parliament is suggesting many changes to the original draft, for example:

- appointing a data protection officer would be mandatory if a data controller is processing personal data on more than 5,000 data subjects

- data breaches should be reported “without undue delay” rather than in 24 hours, and

- fines could be up to 5% of an enterprise’s annual worldwide turnover (or €100 million, whichever is greater). However, the fines regime would allow only a written warning to be issued for unintentional first offences.

The compromise text retains the original broad territorial scope which means that US companies could fall under the EU rules if processing data on EU residents. At the same time, due to the intelligence gathering saga, France and Germany are now seeking bilateral talks with the US with the aim of finding a solution before the end of the year.

Peter Hustinx, European Data Protection Supervisor, said after the Parliament’s vote: "The vote by the LIBE Committee is an important step towards stronger and more effective data protection in Europe. We commend the European Parliament for facing its responsibility head on in this essential but complex piece of legislation. We are well aware of the differences of opinion over it and the text that was ultimately voted on by the LIBE committee, had necessarily to be a compromise. Nevertheless, the result is a positive step for further progress to be made. It is essential that the European Union acts quickly so that political agreement is reached before the European Parliament elections. We now look to the Council to maintain the momentum with equal vigour and purpose.”