EU DP compromise proposal would make life easier for companies

The Council of the European Union, anxious to see progress with the draft EU DP Regulation before the Parliament’s summer recess, is suggesting a compromise deal which takes more of a risk-based approach.

With regard to extra-territorial application, the Council wants to limit the scope of the Regulation and says that the Regulation should only apply to non-EU controllers if ‘it is apparent that the controller is envisaging doing business with data subjects residing in one or more Member States in the Union.’

The Irish presidency is proposing that direct marketing would be included in the grounds for processing based on legitimate interests. It suggests changing the consent requirement from “explicit” to “unambiguous”.

The Council also suggest an amended household exemption: ‘Personal and household activities include social networking and on-line activity undertaken within the context of such personal and household activities.’

Several national delegations are still in favour of a Directive instead of a Regulation. The Council says that while there is general support for its compromise paper, no part of the proposal has been finally agreed.

Viviane Reding, Vice-President and Commissioner responsible for Justice, Fundamental Rights and Citizenship, said in a Council meeting on 6 June that although she is pleased about the progress that has been made, she will not accept a level of protection lower than in the current EU DP Directive on any particular issue. She is especially keen to retain ‘explicit’ consent and data minimisation in the draft.

The compromise text of 31 May deals with chapters I to IV of the draft DP Regulation.

Progress with the EU DP draft regulation will be analysed at the Privacy Laws & Business 26th Annual International Conference, 1-3 July, Cambridge, UK.