The ICO has been taking stock of what still needs to be done before the EU's data protection reforms are in place. analysis conducted by the ICO suggests that although the Council of the European Union has agreed its position, there has been some degree of 'papering over the cracks' between different governments' views. For example, the ICO has published an observation on the Council's text which argues, in the context of Article 2a (material scope), that separate data protection arrangements must be kept to a minimum and must follow the basic standards of the regulation itself. If not, the ICO sees a danger of different data protection regimes developing.
This negotiating table is known as the trilogue, an informal decision making process. The trilogue involves representatives of the Council, the European Parliament and the European Commission coming together to discuss their regulatory proposals and ultimately create a final text. The early sessions of the trilogue have been reported as positive and have resulted in a planned timetable which runs until December.
A few areas of the discussions will be of particular interest. Firstly, it will be interesting to see if there is compromise on Article 43(a) of the Parliament's text. This section attempts to regulate situations where there is a conflict between a legal requirement of a non-EU country that requires the disclosure of personal data held in the EU to that country and EU data protection law which restricts such disclosure.
In September, the trilogue will look at key principles including the extent to which the processing of personal data can be based on a data controller's 'legitimate interests', and how far 'incompatible processing' is permissible. The ICO has stressed the importance of the final text being clear, simple and easy to understand if it is going to achieve the desired effect of improving privacy protection for individuals in practice.
Please click here for the ICO article.