Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

LIBE Committee Vote Completes Major Step Towards Adoption of EU Data Protection Regulation

Posted in European Union, International

By Monika Kuschewsky & Ezra Steinhardt

In a historic vote today, the leading parliamentary committee on the European Commission’s proposed General Data Protection Regulation, the Civil Liberties Committee (“LIBE”), adopted all compromise amendments put forward to the Commission’s original proposal. The compromise amendments had been prepared by the rapporteur, Green Member of the Parliament, Jan Philipp Albrecht, in close collaboration with his counterparts in each of the other political parties. The amendments, which covered over 80 Articles across several hundreds of pages in the proposed Regulation, represented only a small fraction of the more than 3,000 proposed amendments received by the Committee earlier this year from stakeholders and interest groups.

The vote had initially been scheduled for April, but in view of the large number of amendments, had been postponed several times (see InsidePrivacy, European Parliament’s Lead Committee for the Proposed EU General Data Protection Regulation Postpones Vote , March 21, 2013). Despite these delays, the actual voting process was rapid — in an evening meeting in Strasbourg, the Committee members adopted with an overwhelming majority en bloc all the compromise amendments as well as the draft text for the General Data Protection Regulation in less than an hour of voting. In addition to the en bloc vote, the Committee also voted separately on six particularly controversial individual compromise amendments, which were nevertheless also all adopted (three of which passed only with significantly reduced majorities, however). According to press reports, the adopted compromise amendments, which have not been officially published, contain a mixed bag for companies, including an increased level of fines and new registration requirements (in case of certain international data transfers and disclosure requests for personal data by foreign courts or authorities).

In a final key vote, the Committee also approved a mandate for Mr. Albrecht to directly start negotiations with the Council (the EU institution representing the EU Member States’ governments) and the Commission (the so-called trilogue process). In addition, in a statement before the vote, Mr. Albrecht declared the Committee’s determination that, irrespective of the outcome of the trilogue process, there will be a plenary vote in Parliament in April on the results of the process, which could, for instance, take the form of a first reading, the adoption of a mandate, or a partial agreement.  This statement indicates that the Parliament will push for rapid negotiations with the Council and the Commission in order to obtain a full vote on the final text of the proposed Regulation before the Parliament elections in May 2014. 

The LIBE Committee subsequently voted on the proposed amendments to the draft Directive for the law enforcement sector, which is proceeding in tandem with the legislative process for the Regulation. The bulk of compromise amendments to the Directive for the law enforcement sector were also adopted en bloc (with a majority of 29 out of 52 votes). A number of individual compromise agreements were voted on separately, but were also adopted in addition to the modified text of the Directive. As with Mr. Albrecht for the Regulation, the rapporteur for the Directive for the law enforcement sector, Greek Socialist Mr. Droutsas, also received a mandate to start negotiations with the Council. As with the proposed Regulation, there will be a plenary vote in April on the results of the trilogue process. These votes were consistent with the Parliament’s long-term position on the Directive, which has called for a “package approach” that legislates both the Commission proposals for the General Data Protection Regulation and the Directive for the law enforcement sector at the same time, to ensure that both laws are consistent and comprehensive.

The ball is now in the court of the Council, which still needs to agree on a negotiating mandate, known as the “general approach,” in order for the trilogue process to start.  (Informal negotiations may begin earlier, however.) The Commission has expressed hopes that the vote in the European Parliament will put pressure on the Council to accelerate its work on the proposed Regulation. According to press reports, the Justice Ministers of the Member States made some progress on the proposal during their last meeting two weeks ago – agreeing in principle, albeit not on the specifics, on a “One Stop Shop” principle – and will meet again in December.

However, given the amount of work still required on the Council’s part, it looks increasingly unlikely that the Council will be able to reach a general approach this year. This would leave very little time for the trilogue process next year: Council and Parliament would need to reach a compromise in the spring before the last plenary meeting of the European Parliament in mid-April 2014. If no agreement can be reached before the new elections, the draft bill would not automatically expire. Negotiations could be continued in the next legislative period, provided the newly elected Parliament was willing to take up the work where it was left before the elections (see InsidePrivacy, Vote on EU Data Protection Regulation Again Postponed, June 21, 2013). Mr. Albrecht in his aforementioned statement seems to be mindful of the possibility that the trilogue process may not be finished by then.)

Vice President of the European Commission, Viviane Reding‏, who as the Commissioner for Justice, Fundamental Rights and Citizenship is in charge of the two legislative proposals, welcomed the LIBE Committee’s vote, tweeting that the committee has sent a strong signal and stating that “… as of today data protection is made in Europe.