European Parliament

Today, the EU institutions reached the long-awaited political agreement on the General Data Protection Regulation (GDPR), which will fundamentally change the EU privacy landscape (for the Commission press release see here and the European Parliament press release here).  Almost four years after the publication of the legislative proposal for the GDPR, the final trilogue

On October 12, 2015, the European Parliament’s Civil Liberties, Justice and Home Affairs (“LIBE”) Committee held a debate to discuss the aftermath of the ruling of the Court of Justice of the European Union (“CJEU”) ruling in Case C-362/14 Maximillian Schrems v Data Protection Commissioner (see summary of the ruling here and summary of the Advocate-General’s Opinion here).  The debate was chaired by the LIBE Committee Chair, Claude Moraes, and started with a presentation from the European Parliament’s Legal Service.  The Legal Service provided a summary of the CJEU’s decision, and set out the following points:

  • The ruling confirms the importance of the EU Charter of Fundamental Rights in protecting EU citizens, and the fact that all EU laws must comply with the Charter.  In this case, the Charter rights invoked included the right of all EU citizens to privacy and the right to an effective judicial remedy.  It can be concluded from the CJEU’s ruling that the Data Protection Directive 95/46/EC does comply with the Charter.
  • Both the Charter of Fundamental Rights and the Data Protection Directive 95/46/EC provide a high level of protection to EU citizens’ personal data, whether the data are situated inside or outside the EU.  This means that a third country can only be considered to provide “adequate” protection to EU citizens’ personal data when that country itself has strong data protection laws.  The protection provided in a third country need not be identical, but must provide an “essentially equivalent” protection to that guaranteed under EU law.
  • Legislation, whether in the EU or the U.S., cannot legitimately authorize mass or generalized surveillance of EU citizens’ data.
  • The power of local data protection authorities (“DPAs”) to investigate data protection breaches cannot be restricted by the Commission.

Continue Reading Debate in the European Parliament’s LIBE Committee on the Schrems ruling

A European Parliament policy department has released a report, entitled Big Data and Smart Devices and Their Impact on Privacy, that criticizes the lack of focus on privacy and data protection in the European Commission’s “Digital Single Market” policy agenda, noting a “conflicting” intersection between the Commission’s Digital Single Market objectives and the EU’s efforts, now in their hopefully final stages, to reform the EU’s general legislation around the protection of personal information.
Continue Reading EU Parliament Policy Report Takes Dim View of EU Commission’s “Pro-Market” Policies on Big Data and Smart Devices

A second round of “trilogue” negotiation on the EU General Data Protection Regulation (GDPR), on July 14th, has addressed the law’s territorial scope and rules relating to international data transfers (Articles 3 and Chapter 5, respectively).

Although no agreed text has been released, public comments made by Jan Philipp Albrecht, the European Parliament’s lead negotiator on the GDPR, indicate that agreement has been reached “in principle” on most of the provisions discussed. (For a video of his comments, please see here, from 3:10:00 to 3:20:00.)  However, some issues remain to be resolved, and it is expected they will be addressed when negotiations resume in September.Continue Reading Progress on EU GDPR Reform: International Aspects Debated

In today’s Justice and Home Affairs (“JHA”) Council meeting (see here), the Council of Ministers of the EU agreed the Council’s long-awaited common approach on a revised text of the proposed General Data Protection Regulation (“GDPR”). The Presidency of the Council of the EU had published a compromise text for approval by the JHA

From September 29 to October 7, 2014, parliamentary Committees of the European Parliament (“EP”) will be holding public confirmation hearings with Commissioners-designates with a view to assessing their skills and qualifications ahead of the EP’s vote on October 22 to approve (or reject) the Council’s appointment of the new Commission.

On October 1, the Committee on Legal Affairs (“JURI”), the Committee on Civil Liberties, Justice and Home Affairs (“LIBE”), the Committee on Internal Market and Consumer Protection (“IMCO”) and the Committee on Women’s Rights and Gender Equality (“FEMM”) therefore held a hearing with Věra Jourová, the Czech Commissioner-designate for Justice, Consumers and Gender Equality.   The answers of the Commissioner designate, some of which are summarized here below, failed to impress the members of the European Parliament who will be subjecting the Commissioner- designate to further questions.  It is therefore at this stage unclear whether Ms Jourova will take up her portfolio later this year.Continue Reading Committees of European Parliament Hold Confirmation Hearing for Commissioner-Designate for Justice, Consumers, and Gender Equality

On June 6, 2014, the Justice and Home Affairs Council of the European Union (the “Council”), representing individual EU Member States, reached a common position on certain important aspects of the draft European Data Protection Regulation (the “Regulation”).  Specifically, the Council reached an agreement on rules governing transfers of personal data outside the EU, set out in Chapter V of the Regulation, and on rules relating to its territorial scope.  A number of key elements of the proposal remain under review, however, with agreement not expected for some time.  And, the text of the proposed Regulation still has to be negotiated and agreed in its entirety by both the Council and the European Parliament, and Chapter V (as well as other provisions) may undergo further changes in the process.

While Parliament’s position is now set in stone (following a plenary vote in March 2014), the Council is still in the process of defining its position on key aspects of the Regulation.  According to unofficial sources, the Italian Presidency of the Council (which will take over in July) will aim to agree the remaining Chapters of the Regulation by the end of 2014.  It is unclear whether any negotiations on the text between the Council and Parliament will take place before then.Continue Reading EU Justice Ministers Reach A Common Position on Aspects of the Draft EDPR

By: Sophie Noya

On May 22-25, EU citizens elected Members of the European Parliament (“MEPs”) for a five-year term.  Several of the key parliamentary decision-makers on the data protection reform have been reelected, including the strongest supporters of far-reaching privacy rights such as the rapporteur, German Green Member Jan Philipp Albrecht, and Dutch Liberal Sophia In’t Veld.  More than half of the European Parliament (“EP”) has been renewed, which may give an advantage to experienced MEPs who will try to play a dominant role.

Although the three main parliamentary groups (center-right EPP, center-left Socialists and center Liberals) continue to control two thirds of the seats in the EP, Eurosceptic and nationalist parties gained significant ground at the expense of mainstream parties.  These anti-EU parties – which could represent up to 25% of the Assembly – are composed of heterogeneous political formations.  This Parliament will therefore be more fragmented than the previous one.  In practice, social priorities will become more important and MEPs will likely strengthen their support to citizens’ rights in order to demonstrate that they drew the lessons from the elections outcome.Continue Reading EU Parliamentary Elections: What Impact on the EU Data Protection Reform?

It has been an eventful week in the European Parliament in relation to data privacy and security matters.  Having already voted in favor of the General Data Protection Regulation (“GDPR”) and endorsed a controversial report into allegations of mass surveillance, the European Parliament voted yesterday on the proposed Network and Information Security (“NIS”) Directive.  In line with previous committee reports, the Parliament vote ensures that the Proposed Network and Information Security Directive focuses on protecting critical infrastructure in the energy, transport, financial services and health sectors. 

The EU legislative bodies will now enter into negotiations to agree a final text.  Commissioner Kroes called earlier this week for this work to be completed this year, but this timeframe seems ambitious.Continue Reading European Parliament Votes to Ensure that the Proposed Network and Information Security Directive Focuses on Protecting Critical Infrastructure

On March 12, 2014, the European Parliament voted 544 to 78, with 60 abstentions, to endorse a report prepared by MEP Claude Moraes (S&P, UK) (the Report), and to pass a resolution summarising Mr. Moraes’ findings (the Resolution).  The Report and Resolution conclude a six-month investigation by the influential Committee on Civil Liberties, Justice and