Data Protection Day in Europe, 28 January 2014, saw the announcement by EU Justice Commissioner Viviane Reding of a more precise timetable for the adoption of the EU’s data protection reform package, comprising a Regulation governing general data protection and a Directive governing the use of personal data in the area of law enforcement and crime.
Following negotiations this month between the EU Commission, Parliamentary Rapporteurs, and the current Greek and next Italian Presidencies of the EU it has been agreed that the Council of the EU (acting largely through its Justice and Home Affairs committee) will agree upon a formal negotiating mandate by the end of June 2014, with a view to inter-institutional negotiations concluding by the end of 2014. Negotiations at the December 2013 meeting of the Council of the EU had reached an impasse on the scope of the “one-stop shop” concept, under which an organization subject to the jurisdiction of the Regulation would be subject to the enforcement of a single EU data protection authority. In the meantime, the EU Parliament plenary session in April 2014 is expected to approve the recommendations of its LIBE committee and adopt them as its formal negotiating position. (For our detailed analysis of the LIBE committee’s recommendations, click here.)
The new legislative timetable was part of a package of measures which Reding described as a ‘Data Protection Compact’, comprising eight principles which would enable EU citizens to exercise their right to ‘digital self-determination’. In addition to the timetable for EU data protection reform, the principles included the requirement for a single legal instrument covering private and public data processing, public debate on data protection rules, restrictions on blanket data collection by law enforcement bodies, swift evolution of laws to match technology, sparing use of national security exemptions, greater judicial oversight, and a call to the U.S. to grant equal protection to all individuals regardless of nationality.
In addition, the Commission repeated its calls, last made in November 2013, to the U.S. to restore trust in EU-U.S. data flows. Reding clearly intends to maintain pressure on the U.S. in respect of its own review of surveillance programmes and she reiterated the Commission’s threat to suspend the U.S.-EU Safe Harbour framework in the event that it is not strengthened.