On Wednesday 12 March 2014, European Parliament (Parliament) voted in plenary in favour of the European Commission’s draft EU Data Protection Regulation (theRegulation). The vote confirmed Parliament’s strong support of the decisions made previously at committee level by the Civil Liberties, Justice and Home Affairs Committee in October 2013, to back the “compromise” version of the Regulation (as amended by Members of European Parliament (MEPs) Jan-Phillip Albrecht and Dimistrios Droutsas). The vote officially sets Parliament’s position on the Regulation in stone, and means that the new Parliament elected in May (potentially comprising of different MEPs with different political agendas) can choose, as is likely to be the case, to build on the draft text of the Regulation as currently worded, as opposed to re-working the entire Regulation from scratch. Parliament is now in a position to enter into tripartite negotiations with the Council of the European Union (the Council) and the European Commission (the Commission) with a view to finalising the Regulation by the end of 2014. In light of Council’s indecision as to the final text of the Regulation, and as per the words of Viviane Reding, Vice President of the Commission, “the ball is now in Council’s court” to reach a position on the proposals swiftly, so as to enable “an adoption of the data protection reform before the end of this year”.
This week’s vote follows talks on Tuesday 4 March 2014 of the Justice and Home Affairs (JHA) ministers of the Council. As previously reported here, the time table for the adoption of the Regulation had begun to slip following a lack of consensus between ministers of the JHA as to certain of its provisions.
Tuesday’s Council discussions focused primarily on the territorial scope of the proposed Regulation, and the rules surrounding international transfers of data to third parties. The JHA confirmed their support of the proposed territorial scope provisions, which aim to create a “level playing field” as to data privacy standards for all companies, regardless of their geographical establishment, by ensuring that non-European companies doing business in the Single Market would adhere to the same strict data privacy standards as European companies.
The JHA also expressed broad support for the international data transfer provisions of the Regulation. These include the option for private companies (but not public bodies) to carry out data transfers to third countries, notwithstanding that the third country is not a country designated as providing adequate protection, when the transfer is neither “large scale or frequent” and required for a “legitimate interest”, provided that the transfer does not override the “interests or rights and freedoms of the data subject”, and that the business concerned carries out a “self-assessment” as to the circumstances surrounding the data transfer, including any necessary “safeguards”.
The JHA is next due to meet in June 2014 in order to finalise its position on the data protection reform ahead of entering final negotiations with Parliament and the Commission.