By Fredericka Argent and Ezra Steinhardt
On 26 October, 2012, Commissioner Viviane Reding, the Vice President of the European Commission, gave a speech in Luxembourg following the conclusion of a meeting of the Justice Council (a body of ministers representing Member State justice and home affairs departments, and part of the European Council). The speech covered a variety of topics, including an update on Commissioner Reding’s positions on the proposed new data protection regime. In particular, businesses may be interested to learn that Commissioner Reding offered to review the number of “delegated act” provisions in the legislation, potentially reducing the scope for future uncertainties. The Commissioner acknowledged a variety of concerns raised by the Member States, and observed that the legislative negotiations in the European Parliament and Council were now at a “crucial stage”.
The Commissioner used the speech as an opportunity to describe three “proposed solutions” to the criticisms of the bill levied to date. Each solution represents a change from the Commission’s previous negotiating position, and also possibly a step towards compromise among the three law-making European institutions.
- Cutting the number of delegated acts. A number of stakeholders — including businesses, the European Parliament, the European Council, and the Article 29 Working Party group of European privacy regulators — have raised concerns about the expansive new law-making powers that would be devolved to the Commission in the current draft, via a large number of delegated and implementing act provisions. To address their concerns, Commissioner Reding signalled her willingness to review all of the proposed delegated act provisions in the current draft, to identify which were really necessary. She estimated that the review might find that as many as 40% of the provisions could be dropped.
- Expanding the small and medium-sized (SME) business exemption. To address industry fears about the effect of costly and expansive new administrative burdens on businesses, and especially small businesses, Commissioner Reding said that the Commission would consider “broadening” the current SME exemption that applies to certain data protection requirements in the draft legislation, to cover “other areas” of the proposed rules. This would effectively reduce the number of obligations that SMEs would be required to comply with under the proposal.
- Applying the law to the public sector. To mitigate Member State concerns about uncertainties over how the new law could affect government bodies and agencies handling personal data, Commissioner Reding also said she would be willing to give Member States greater scope to mould their own territory-specific laws setting out how the Regulation will apply to their public sectors.
Commissioner Reding also explained in her speech that a decision on these issues is expected to be taken in December, in order to ensure that political agreement on the data protection package as a whole remains on track and can be completed by mid-2013.