Overview of roadmap for General Data Protection Regulation

By | Monday September 21st, 2015

In the beginning of 2012 the European Commission published the first draft of the “Proposal for a Regulation on the protection of individuals with regard to the processing of personal data“.
It has been about four years in the making and the final release of the new General Data Protection Regulation is expected to be approved by the end of 2015 (maybe January 2016…).
This is a very long time and it is mainly due to a legislative procedure which involves three Institutions (28 EU Member States each) and that doesn’t provide a time limit for it first phase (the so-called First Reading).

The aim of this post is to give an overview of such a procedure (the so-called Ordinary Legislative Procedure) pointing out step by step who did what from the beginning until today.

Step 1 – Proposal (European Commission)

  • On January 25 2012 the European Commission published the first draft of the Proposal ((COM(2012)0011)).

The Proposal will replace the previous Data Protection Directive 95/46/EC.

Let’s have a look at the text of the Proposal in order to highlight some key points:

«Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data
(…)
The European Parliament and the Council of the European Union (…), Having regard to the proposal from the European Commission (…), Acting in accordance with the Ordinary Legislative Procedure (…), Have adopted this Regulation.»

  • A Regulation, not a Directive.
    The Proposal is a Regulation, not a Directive: while Directives require national authorities to draw up legislation in order to conform with the directive, Regulations are applied in full without the need for national legislation. Such a unified data protection Regulation aims to harmonise and enforce (introducing stronger enforcement rights and principles) in a single law different laws and implementation that have led to different data protection levels across the European Union.
    N.B.: the Regulation will be applied in every EU Member State after two years of transition period in order to allow everybody to adapt to the new rules.
  • Three institutions involved.
    The European Commission -> is the only institution empowered to initiate legislation; the Commission prepare the legislative proposal and submit it to the European Parliament and to the Council of the European Union.
    The European Parliament and the Council of the European Union -> are in charge to reject or approve the Proposal (eventually amended); they have the same weight in order to adopt/refuse the Proposal.
  • Ordinary Legislative Procedure.
    The Ordinary Legislative Procedure is the main legislative procedure of the EU´s decision-making system. It gives the same weight to the European Parliament and the Council of the European Union.

===>    Click here for a detailed description of the Ordinaly Legislative Procedure.    <===

  • According to the ordinary legislative procedure, the European Commission submitted the legislative proposal to the European Parliament and to the Council of the European Union for the first reading.

Step 2 – First reading in the European Parliament (no time limit)

The President of the European Parliament refers the proposal to a Parliamentary Committee.

  • The President of the European Parliament referred the proposal to the Committee on Civil Liberties, Justice and Home Affairs (LIBE).

The Parliamentary Committee appoints a rapporteur who is responsible for drawing up a draft report containing amendments to the proposed text.

  • The Committee appointed Jan Philipp Albrecht as a rapporteur.

The Committee votes on this report and any amendments to it tabled by other members.

The European Parliament then discusses and votes on the legislative proposal in plenary on the basis of the committee report and amendments.

  • The full Parliament confirmed the committee’s texts in a vote on 12 March 2014 (Texts adopted).
  • According to the Ordinary Legislative Procedure Parliament submitted its first reading position to the Council.

Step 3 – First reading in the Council of the European Union (no time limit)
(preparatory work in Council runs in parallel with the first reading in Parliament, but Council may only formally conduct its first reading based on Parliament’s position)

Legally speaking, the Council is a single entity but it is in practice divided into several different Council configurations.

  • In the field of Data Protection Justice and Home Affairs Council (JHA) is the qualified configuration.

Council can accept the Parliament’s position or adopt changes, leading to a Council’s first reading position.

Before adopting his first reading position, the Council may adopt a ‘general approach‘ to give the Parliament an idea of its position on the Commission’s legislative proposal. The “general approach” is a shortcut to speed up the legislative procedure and make it easier to reach an agreement between the Parliament and the Council through informal interinstitutional meetings, known as ‘Trilogues‘ (because also the European Commission is involved).

  • The Council of the European Union adopted a “General Approach” on 15 June 2015.

A general approach let the Council to begin negotiations with the European Parliament with a view to reaching overall agreement on new EU data protection rules (See: data protection reform timetable).

  • The kick-off trilogue meeting with the Parliament was held on 24 June 2015.

Step 4 – Interinstitutional meetings (Trilogues)

Outcome of the kick-off trilogue meeting

Commissioner Vera Jourová during the press conference followed to trilogue meeting said:
We are on track to adopt the data protection reform in 2015. (…) I am confident that we can now deliver our new data protection rules to the European Union by the end of this year.

In addition, Jan Philipp Albrecht, parliament’s rapporteur on the Data Protection Regulation, during the same joint press conference with regard to the challenge to reconcile the two sides (Parliament and Council) said:
There are more points we have in common than points that divide us.

Finally, the “Preparation for trilogue” document from the Presidency of the Council of the European Union (26 June 2015) states:
A roadmap setting out the organisation of works for the trilogue phase was agreed with the objective to conclude the negotiations by the end of 2015.

Conclusions

With such premises we should be confident that a new General Data Protection Regulation will be approved by the end of this year… but… we must remember that the procedure is still in its first reading phase and there is no time limit to the trilogue negotiations.

All we can do is wait and see, so… Watch this area for updates!

One thought on “Overview of roadmap for General Data Protection Regulation

  1. Biagio Lammoglia Post author

    Just few hours ago the Council of the European Union reached a General Approach on the Proposal for a Directive on protecting personal data processed for the purpose of law enforcement.

    Have a look to my post on Europrivacy: http://goo.gl/hRin3l

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.