On October 12, 2015, the European Parliament’s Civil Liberties, Justice and Home Affairs (“LIBE”) Committee held a debate to discuss the aftermath of the ruling of the Court of Justice of the European Union (“CJEU”) ruling in Case C-362/14 Maximillian Schrems v Data Protection Commissioner (see summary of the ruling here and summary of the Advocate-General’s Opinion here).  The debate was chaired by the LIBE Committee Chair, Claude Moraes, and started with a presentation from the European Parliament’s Legal Service.  The Legal Service provided a summary of the CJEU’s decision, and set out the following points:

  • The ruling confirms the importance of the EU Charter of Fundamental Rights in protecting EU citizens, and the fact that all EU laws must comply with the Charter.  In this case, the Charter rights invoked included the right of all EU citizens to privacy and the right to an effective judicial remedy.  It can be concluded from the CJEU’s ruling that the Data Protection Directive 95/46/EC does comply with the Charter.
  • Both the Charter of Fundamental Rights and the Data Protection Directive 95/46/EC provide a high level of protection to EU citizens’ personal data, whether the data are situated inside or outside the EU.  This means that a third country can only be considered to provide “adequate” protection to EU citizens’ personal data when that country itself has strong data protection laws.  The protection provided in a third country need not be identical, but must provide an “essentially equivalent” protection to that guaranteed under EU law.
  • Legislation, whether in the EU or the U.S., cannot legitimately authorize mass or generalized surveillance of EU citizens’ data.
  • The power of local data protection authorities (“DPAs”) to investigate data protection breaches cannot be restricted by the Commission.


Continue Reading Debate in the European Parliament’s LIBE Committee on the Schrems ruling

A European Parliament policy department has released a report, entitled Big Data and Smart Devices and Their Impact on Privacy, that criticizes the lack of focus on privacy and data protection in the European Commission’s “Digital Single Market” policy agenda, noting a “conflicting” intersection between the Commission’s Digital Single Market objectives and the EU’s efforts, now in their hopefully final stages, to reform the EU’s general legislation around the protection of personal information.
Continue Reading EU Parliament Policy Report Takes Dim View of EU Commission’s “Pro-Market” Policies on Big Data and Smart Devices

A second round of “trilogue” negotiation on the EU General Data Protection Regulation (GDPR), on July 14th, has addressed the law’s territorial scope and rules relating to international data transfers (Articles 3 and Chapter 5, respectively).

Although no agreed text has been released, public comments made by Jan Philipp Albrecht, the European Parliament’s lead negotiator on the GDPR, indicate that agreement has been reached “in principle” on most of the provisions discussed. (For a video of his comments, please see here, from 3:10:00 to 3:20:00.)  However, some issues remain to be resolved, and it is expected they will be addressed when negotiations resume in September.

Continue Reading Progress on EU GDPR Reform: International Aspects Debated

In today’s Justice and Home Affairs (“JHA”) Council meeting (see here), the Council of Ministers of the EU agreed the Council’s long-awaited common approach on a revised text of the proposed General Data Protection Regulation (“GDPR”). The Presidency of the Council of the EU had published a compromise text for approval by the JHA

From September 29 to October 7, 2014, parliamentary Committees of the European Parliament (“EP”) will be holding public confirmation hearings with Commissioners-designates with a view to assessing their skills and qualifications ahead of the EP’s vote on October 22 to approve (or reject) the Council’s appointment of the new Commission.

On October 1, the Committee on Legal Affairs (“JURI”), the Committee on Civil Liberties, Justice and Home Affairs (“LIBE”), the Committee on Internal Market and Consumer Protection (“IMCO”) and the Committee on Women’s Rights and Gender Equality (“FEMM”) therefore held a hearing with Věra Jourová, the Czech Commissioner-designate for Justice, Consumers and Gender Equality.   The answers of the Commissioner designate, some of which are summarized here below, failed to impress the members of the European Parliament who will be subjecting the Commissioner- designate to further questions.  It is therefore at this stage unclear whether Ms Jourova will take up her portfolio later this year.

Continue Reading Committees of European Parliament Hold Confirmation Hearing for Commissioner-Designate for Justice, Consumers, and Gender Equality

On June 6, 2014, the Justice and Home Affairs Council of the European Union (the “Council”), representing individual EU Member States, reached a common position on certain important aspects of the draft European Data Protection Regulation (the “Regulation”).  Specifically, the Council reached an agreement on rules governing transfers of personal data outside the EU, set out in Chapter V of the Regulation, and on rules relating to its territorial scope.  A number of key elements of the proposal remain under review, however, with agreement not expected for some time.  And, the text of the proposed Regulation still has to be negotiated and agreed in its entirety by both the Council and the European Parliament, and Chapter V (as well as other provisions) may undergo further changes in the process.

While Parliament’s position is now set in stone (following a plenary vote in March 2014), the Council is still in the process of defining its position on key aspects of the Regulation.  According to unofficial sources, the Italian Presidency of the Council (which will take over in July) will aim to agree the remaining Chapters of the Regulation by the end of 2014.  It is unclear whether any negotiations on the text between the Council and Parliament will take place before then.

Continue Reading EU Justice Ministers Reach A Common Position on Aspects of the Draft EDPR

By: Sophie Noya

On May 22-25, EU citizens elected Members of the European Parliament (“MEPs”) for a five-year term.  Several of the key parliamentary decision-makers on the data protection reform have been reelected, including the strongest supporters of far-reaching privacy rights such as the rapporteur, German Green Member Jan Philipp Albrecht, and Dutch Liberal Sophia In’t Veld.  More than half of the European Parliament (“EP”) has been renewed, which may give an advantage to experienced MEPs who will try to play a dominant role.

Although the three main parliamentary groups (center-right EPP, center-left Socialists and center Liberals) continue to control two thirds of the seats in the EP, Eurosceptic and nationalist parties gained significant ground at the expense of mainstream parties.  These anti-EU parties – which could represent up to 25% of the Assembly – are composed of heterogeneous political formations.  This Parliament will therefore be more fragmented than the previous one.  In practice, social priorities will become more important and MEPs will likely strengthen their support to citizens’ rights in order to demonstrate that they drew the lessons from the elections outcome.

Continue Reading EU Parliamentary Elections: What Impact on the EU Data Protection Reform?

It has been an eventful week in the European Parliament in relation to data privacy and security matters.  Having already voted in favor of the General Data Protection Regulation (“GDPR”) and endorsed a controversial report into allegations of mass surveillance, the European Parliament voted yesterday on the proposed Network and Information Security (“NIS”) Directive.  In line with previous committee reports, the Parliament vote ensures that the Proposed Network and Information Security Directive focuses on protecting critical infrastructure in the energy, transport, financial services and health sectors. 

The EU legislative bodies will now enter into negotiations to agree a final text.  Commissioner Kroes called earlier this week for this work to be completed this year, but this timeframe seems ambitious.

Continue Reading European Parliament Votes to Ensure that the Proposed Network and Information Security Directive Focuses on Protecting Critical Infrastructure

On March 12, 2014, the European Parliament voted 544 to 78, with 60 abstentions, to endorse a report prepared by MEP Claude Moraes (S&P, UK) (the Report), and to pass a resolution summarising Mr. Moraes’ findings (the Resolution).  The Report and Resolution conclude a six-month investigation by the influential Committee on Civil Liberties, Justice and

Today, the European Parliament (EP) voted in favor of the two reports of rapporteurs Jan-Philipp Albrecht and Dimitrios Droutsas concerning the proposed General Data Protection Regulation and the proposed Directive for the law enforcement sector. The support for the report on the proposed Regulation (see here), which the LIBE Committee of the EP had adopted in October last year (see InsidePrivacy, What Companies Should Know About the LIBE Committee’s Amendments to the EU’s Proposed Data Protection Regulation, October 24, 2013), was particularly strong (621 votes in favor out of 653 votes), whereas a considerable minority (276 votes out of 677 with 371 votes in favor) voted against the report on the proposed Directive (see here).

The votes followed a debate on the reform package that took place in the plenary yesterday.  The debate was characterized by strong support for the proposed Regulation.  A few Members of the EP (MEPs) raised concerns in particular in relation to the rules applicable to small and medium-sized companies (SMEs) and the potential impact on freedom of press and health research. However, although several MEPs recognized that the proposed Regulation would not be perfect, the majority considered it to be a step into the right direction and several stressed that it would establish parity of European with non-European companies.

Continue Reading European Parliament Votes in Favor of Proposed General Data Protection Regulation