Following adoption by the EU Council of the draft General Data Protection Regulation (the ‘draft Regulation’) in June, the Article 29 Working Party has published an opinion based on draft proposals set out by the various EU institutions, and which is likely to be referred to during the trilogue negotiations currently underway.
The opinion follows publication of the Council’s general approach and sets out a common position taken by the Working Party on the various key topics within the draft Regulation, including the definitions, scope of application, main principles, data subjects’ rights, power of authorities and governance model.
The Working Party are keen to ensure that this new regulatory framework does not lower the existing levels of data protection currently, nor undermine the existing data protection principles provided for within the Data Protection Directive.
In particular, the Working Party are keen to emphasise:
- Consistency between the Regulation and the existing Directive should be ensured, and any decision to exclude certain processing of public/private authorities should be resisted
- The need to define personal data in line with technological evolution
- The importance of not watering down the purpose limitation principle
- The need for data protection authorities to have adequate powers and resources to deal effectively with breaches, and be a deterrent against further breaches
- The need for effective governance and a harmonised enforcement approach across the EU
This opinion was welcomed by the three EU institutions and should assist the ongoing negotiations to agree the new Regulation.