By Lisa Peets and Rosie Klement

On July 14, 2017, the Impact Assessment Institute (“IAI”) (an independent institute committed to impartial impact assessment and scientific evaluation of policy and legislation in the EU) published a study assessing the impact assessment carried out by the European Commission in connection with the Commission’s proposal for a new E-Privacy Regulation (“EPR”).  The IAI study is critical of the Commission’s impact assessment, and – by extension – the Commission’s case for the new EPR itself.

Background on the Impact Assessment and EPR

The EPR is the Commission’s proposed update to the existing EU E-Privacy Directive, and is intended to complement the EU’s broader data protection regime (as set out in the General Data Protection Regulation, “GDPR”).  The EPR would introduce a number of rules, including a provision protecting the confidentiality of communications that would regulate traditional telecoms services, and new “over-the-top” (“OTT”) services such as VoIP, web email, and instant messaging, among others.  The Commission EPR proposal is currently progressing through the legislative process in both the European Parliament and Council.

When formulating new proposals for regulations such as the EPR, the Commission prepares impact assessments in accordance with the Better Regulation Guidelines (detailed guidance intended to improve the quality of the Commission’s law-making).  The Commission duly prepared an impact assessment for the EPR, which was published alongside the text of the EPR legislative proposal on January 10, 2017 (the “Impact Assessment”).
Continue Reading Impact Assessment Institute Releases Report Critical of Commission’s Case for E-Privacy Regulation

Yesterday, the European Parliament voted to approve the EU-U.S. Umbrella Agreement, a framework for the exchange of personal data for law-enforcement (including anti-terrorism) purposes between the EU and U.S.  As we previously explained, negotiations on this Agreement have been underway for quite some time, with the European Parliament first calling for it back in March 2009.

According to the European Commission’s fact sheet, the Agreement “puts in place a comprehensive high-level data protection framework for EU-US law enforcement cooperation.”  Specifically, the Umbrella Agreement includes the following protections:

  • Data Use Limitations
  • Onward Transfer Requirements
  • Publicly Available Retention Periods
  • Access and Rectification Rights
  • Data Breach Notification
  • Judicial Redress and Enforceability


Continue Reading European Parliament Approves EU-U.S. Umbrella Agreement

Today, the European Parliament (EP) voted in favor of the two reports of rapporteurs Jan-Philipp Albrecht and Dimitrios Droutsas concerning the proposed General Data Protection Regulation and the proposed Directive for the law enforcement sector. The support for the report on the proposed Regulation (see here), which the LIBE Committee of the EP had adopted in October last year (see InsidePrivacy, What Companies Should Know About the LIBE Committee’s Amendments to the EU’s Proposed Data Protection Regulation, October 24, 2013), was particularly strong (621 votes in favor out of 653 votes), whereas a considerable minority (276 votes out of 677 with 371 votes in favor) voted against the report on the proposed Directive (see here).

The votes followed a debate on the reform package that took place in the plenary yesterday.  The debate was characterized by strong support for the proposed Regulation.  A few Members of the EP (MEPs) raised concerns in particular in relation to the rules applicable to small and medium-sized companies (SMEs) and the potential impact on freedom of press and health research. However, although several MEPs recognized that the proposed Regulation would not be perfect, the majority considered it to be a step into the right direction and several stressed that it would establish parity of European with non-European companies.

Continue Reading European Parliament Votes in Favor of Proposed General Data Protection Regulation

Recent events in the European Parliament and European Council demonstrate that concerns over the U.S.-EU Safe Harbor Agreement are continuing to mount, and reform or even revocation of the Safe Harbor Agreement remains a possibility.  Today, Covington published a client alert that discusses recent developments involving the Safe Harbor Agreement and the potential impact of

The Civil Liberties, Justice and Home Affairs (LIBE) Committee of the European Parliament (EP)– the EP’s lead committee for the European Commission’s legislative proposal for a General Data Protection Regulation to replace the current EU Data Protection Directive–was supposed to vote at the end of April on the proposed amendments to the draft Regulation. However

By Fredericka Argent

On 26 October, 2012, Commissioner Viviane Reding, the Vice President of the European Commission, gave a speech in Luxembourg following the conclusion of a meeting of the Justice Council (a body of ministers representing Member State justice and home affairs departments, and part of the European Council).  The speech covered a variety of topics, including an update on Commissioner Reding’s positions on the proposed new data protection regime. In particular, businesses may be interested to learn that Commissioner Reding offered to review the number of “delegated act” provisions in the legislation, potentially reducing the scope for future uncertainties.  The Commissioner acknowledged a variety of concerns raised by the Member States, and observed that the legislative  negotiations in the European Parliament and Council were now at a “crucial stage”.

The Commissioner used the speech as an opportunity to describe three “proposed solutions” to the criticisms of the bill levied to date.  Each solution represents a change from the Commission’s previous negotiating position, and also possibly a step towards compromise among the three law-making European institutions.

Continue Reading Commissioner Reding Speaks to the European Council on the Proposed Data Protection Regime