On October 10, the Senate Committee on Commerce, Science, and Transportation held second hearing on data privacy that invited advocates and experts to discuss a federal privacy law. The panelists included Andrea Jelinek, director of the European Data Protection Board; Alastair Mactaggart, chair of Californians for Consumer Privacy;
Continue Reading Senate Discusses a Federal Privacy Law with Privacy Experts: Examining Lessons From the European Union’s General Data Protection Regulation and the California Consumer Privacy Act

Today, the EU institutions reached the long-awaited political agreement on the General Data Protection Regulation (GDPR), which will fundamentally change the EU privacy landscape (for the Commission press release see here and the European Parliament press release here).  Almost four years after the publication of the legislative proposal for
Continue Reading Political Agreement on the EU General Data Protection Regulation – Start of a New EU Privacy Era?

Today, the first meeting between the European Parliament (“EP”), the Council and the Commission (called “trilogue”) took place with the aim of reaching an agreement on the General Data Protection Regulation (“GDPR”) by the end of the year.  (For background, please see our previous InsidePrivacy post on the Council’s recently agreed general approach.)  The three EU institutions also discussed the status and timetable for the trilogue negotiations on the proposed Data Protection Directive in the law enforcement context (“Law Enforcement DP Directive”).

Right after the meeting,  the EP’s rapporteur on the GDPR, Green MEP Jan-Philipp Albrecht, the Chair of the Civil Liberties, Justice and Home Affairs (‘LIBE’) committee, S&D MEP Claude Moraes, justice ministers from the outgoing (Latvia) and incoming (Luxembourg) Council Presidencies, and the EU Commissioner for Justice, Consumers and Gender Equality, Věra Jourová, gave a joint press conference on the state of play of the talks and next steps.Continue Reading EU General Data Protection Regulation – First day of ‘trilogue’ discussions

As we recently covered on this blog, on June 15, the Council of Ministers of the EU reached a long-awaited ‘common approach’ on a revised text of the proposed General Data Protection Regulation (GDPR).

Covington will be running a webinar on July 1, repeated on July 2 to accommodate
Continue Reading Covington Webinar: The EU General Data Protection Regulation – What’s Next and What It Means For Your Business

In today’s Justice and Home Affairs (“JHA”) Council meeting (see here), the Council of Ministers of the EU agreed the Council’s long-awaited common approach on a revised text of the proposed General Data Protection Regulation (“GDPR”). The Presidency of the Council of the EU had published a compromise text
Continue Reading Council Agrees Common Approach on EU General Data Protection Regulation – Negotiations With Parliament and Commission on Final Text To Begin Imminently

Last Friday, the Council, which represents the 28 EU Member States, reached a partial general approach on the so-called “one stop shop” mechanism (Chapters VI and VII) and principles for protecting the personal data (Chapter II) (see the press release here, which also contains links to the latest draft
Continue Reading The General Data Protection Regulation – Council is Moving Forward in Great Strides

Today, the European Parliament (EP) voted in favor of the two reports of rapporteurs Jan-Philipp Albrecht and Dimitrios Droutsas concerning the proposed General Data Protection Regulation and the proposed Directive for the law enforcement sector. The support for the report on the proposed Regulation (see here), which the LIBE Committee of the EP had adopted in October last year (see InsidePrivacy, What Companies Should Know About the LIBE Committee’s Amendments to the EU’s Proposed Data Protection Regulation, October 24, 2013), was particularly strong (621 votes in favor out of 653 votes), whereas a considerable minority (276 votes out of 677 with 371 votes in favor) voted against the report on the proposed Directive (see here).

The votes followed a debate on the reform package that took place in the plenary yesterday.  The debate was characterized by strong support for the proposed Regulation.  A few Members of the EP (MEPs) raised concerns in particular in relation to the rules applicable to small and medium-sized companies (SMEs) and the potential impact on freedom of press and health research. However, although several MEPs recognized that the proposed Regulation would not be perfect, the majority considered it to be a step into the right direction and several stressed that it would establish parity of European with non-European companies.Continue Reading European Parliament Votes in Favor of Proposed General Data Protection Regulation

Only a few days after the leading parliamentary committee waved through the proposed amendments to the European Commission’s legislative proposal for a General Data Protection Regulation (see here and here), the EU Member States’ governments have decided to postpone the adoption of the Regulation to 2015.  Germany and the

Continue Reading European Council Taps the Breaks–Adoption of EU General Data Protection Regulation Delayed

The Civil Liberties, Justice and Home Affairs (LIBE) Committee of the European Parliament (EP)– the EP’s lead committee for the European Commission’s legislative proposal for a General Data Protection Regulation to replace the current EU Data Protection Directive–was supposed to vote at the end of April on the proposed amendments

Continue Reading European Parliament’s Lead Committee for the Proposed EU General Data Protection Regulation Postpones Vote

According to recent press reports, the Irish Presidency has prepared a note to report to the Council of the EU on the progress achieved on the European Commission’s legislative proposal for a General Data Protection Regulation. Ireland holds the Presidency of the Council of the EU in the first half of 2013 and has already devoted ten working days to this file in the first six weeks of its term. The Council of the EU is the EU institution representing the 27 EU Member States’ government representatives. Both the European Parliament and the Council must endorse the proposal for it to be adopted.

The risk-based approach

The Council has finalised its first examination of the entire proposal and, following instructions by the Council at the end of last year, the Irish Presidency has now commenced to inject a more risk-based approach into the draft Regulation by proposing amendments to particular provisions, in particular the provisions concerning the obligations on controllers and processors but also some provisions concerning the rights of data subjects. By doing so, the Irish Presidency has tried to address concerns raised by several Member States regarding the level of prescriptiveness of a number of the proposed obligations in the draft Regulation. Under the approach proposed by the Irish Presidency, the risk inherent in certain data processing operations should be a main criterion for balancing the data protection obligations. In other words, the lower the risks the less prescriptive the obligations, and the higher the risk the more detailed the obligations should be. The Irish Presidency’s note is also critical of certain provisions that empower the European Commission to adopt delegated and implementing acts, much in line with the criticism raised by the European Parliament and the Article 29 Working Party, the EU advisory body on data protection.Continue Reading The Battle Lines are Clearing Up: The Irish Presidency Note on the Proposed General Data Protection Regulation