Tag Archives: European Parliament

LIBE Committee votes all the amendments of the General Data Protection Regulation * No more “right to be forgotten”? * And why is everybody so excited/alarmed?

According to a press release of the Committee on Civil Liberties, Justice and Home Affairs of the European Parliament, “a major overhaul of current EU data protection rules, to put people in control of their personal data while at the same time making it easier for companies to move across Europe” was voted on Monday.

The vote has been described as being “historic” and “a breakthrough”, the latter being declared by Jan Philipp Albrecht, the man of the hour, who was the rapporteur MEP for the General Data Protection Regulation proposal. According to Albrecht, “this evening’s vote is a breakthrough for data protection rules in Europe, ensuring that they are up to the the challenges of the digital age. This legislation introduces overarching EU rules on data protection, replacing the current patchwork of national laws”.

The Commissioner of Justice, Viviane Reding, was as excited about the news as Albrecht. She twitted shortly after the vote concluded: “With a large majority vote, @Europarl_EN committee has sent a strong signal tonight: as of today data protection is made in #Europe”.

However, all this excitement could be seen as premature, when one thinks that the European Council has still to achieve a common ground regarding the draft regulation. This means that the governments of all the 28 EU Member States must conclude the debates on the GDPR and come up with the Council’s own amendments. After the final draft of the Council is ready, the Parliament and the Council must also achieve a common ground regarding the GDPR before they vote it and it will enter into force.

Forget the “right to be forgotten”

The text of the draft GDPR voted by the LIBE committee has not yet been published. The only official indications with regard to its content are entailed in the press release previously cited. According to it, we find out that the controversial “right to be forgotten”, originally enshrined in Article 17 of the GDPR proposal, will lose its catchy name and probably the main reason it received so much attention. The good news is that the content of the right seems to remain the same:

“any person would have the right to have their personal data erased if he/she requests it. To strengthen this right, if a person asks a data controller (e.g. an Internet company) to erase his/her data, the firm should also forward the request to others where the data are replicated. The “right to erasure” would cover the “right to be forgotten” as proposed by the Commission”.

The reverse of general excitement: why the “Safe Harbor” panic?

While the EU officials directly involved in the GDPR legislative process are applauding the vote of the LIBE committee, voices from the US started to panic because of the imminent danger which apparently threatens (“torpedoes“?) the Safe Harbor agreement, already imagining a world without it.

Both the extreme happiness and panic are not justified at this point of the legislative process. There are still difficult stages to surpass before this piece of legislation will enter into force. The will of the governments of the 28 MSs rarely mirrors the vision of the European Parliament. As such, unfortunately, we will have to wait a bit more before affirming that data protection is made in #Europe.

 

 

 

 

 

Advertisements

The European Parliament released its reports on the data protection reform package, proposing several changes

European Parliament rapporteurs presented yesterday, according to a press release of the European Commission, two draft reports on the reform of the EU’s data protection rules proposed by the European Commission just a year ago (see IP/12/46 and MEMO/12/41). In their reports, Jan-Philipp Albrecht, rapporteur for the proposed Data Protection Regulation for the Civil Liberties, Justice and Home Affairs Committee (LIBE) of the European Parliament, and, Dimitrios Droutsas, rapporteur for the proposed Data Protection Directive for the law enforcement sector, express their full support for a coherent and robust data protection framework with strong end enforceable rights for individuals. They also stress the need for a high level of protection for all data processing activities in the European Union to ensure more legal certainty, clarity and consistency.

Some of the key points of the rapporteurs’ reports include:

  • The need to replace the current 1995 Data Protection Directive with a directly applicable Regulation. A single set of rules on data protection, valid across the EU will remove unnecessary administrative requirements for companies and can save businesses around €2.3 billion a year.
  • The support in principle for the Commission’s proposal to have a “one-stop shop” for companies that operate in several EU countries and for consumers who want to complain against a company established in a country other than their own. To ensure consistency in the application of EU data protection rules, the European Parliament rapporteur wants to create a powerful and independent EU data protection agency entrusted with taking legally binding decisions vis-à-vis national data protection authorities.
  • Support for the strengthening of users’ rights: they encourage the use by companies of pseudonymous and anonymous data; they further propose strengthening the concept of explicit consent for data to be legally processed by asking companies to use clear and easily comprehensible language (also with regards to privacy policies); the ‘Albrecht-report’ proposes further reinforcing the “right to be forgotten” (the right to erase one’s data if there are no legitimate grounds to retain it) by asking companies which have transferred data to third parties without a legitimate legal basis to make sure these data are actually erased.
  • The European Parliament rapporteurs agree with the European Commission’s proposal that EU rules must apply if personal data of individuals in the EU is handled abroad by companies which are not established in the Union. According to the amendments proposed it would be sufficient that a company aims at offering its goods or services to individuals in the EU. An actual payment from the consumer to the company is not needed to trigger the application of the data protection regulation.
  • The European Parliament rapporteurs stress the need to have independent national data protection authorities which are well-equipped to better enforce the EU rules at home. The ‘Albrecht-report’ provides guidance as to the staffing and resourcing of these authorities and welcomes the Commission’s proposal to empower them to fine companies that violate EU data protection rules.
  • On the delegated acts foreseen in the Regulation (also known as ‘Commission empowerments’ or acts which ensure that if, in practice, more specific rules are necessary, they can be adopted without going through a long legislative process): the European Parliament rapporteur wants to drastically reduce the number of delegated acts by including, among others, more detailed provisions in the text of the Regulation itself. The European Commission has recently shown its openness to such an approach (see SPEECH/12/764).
  • On the Directive that will apply general data protection principles and rules to police and judicial cooperation in criminal matters, the rapporteur agrees with the Commission’s proposal to extend the rules to both domestic and cross-border transfers of data. The report also aims to strengthen data protection further by enhancing individuals’ rights, giving national data protection authorities greater and more harmonised enforcement powers and by obliging them to cooperate in cross-border cases.

The European Parliament’s LIBE Committee will discuss the draft reports on 10 January.

The European Commission will continue to work very closely with the rapporteurs of the European Parliament and with the Council to support the Parliament and the Irish EU Presidency in their endeavour to achieve a political agreement on the data protection reform by the end of the Irish Presidency.

See the entire press release: http://europa.eu/rapid/press-release_MEMO-13-4_en.htm

The European Parliament Demands A Net Neutrality Law

net

www.edri.org writes that a large majority of European parliamentarians demanded in two non-legislative resolutions that net neutrality should be enshrined in European Union law.

In the context of a non-legislative resolution on Completing the Digital Single Market, the European Parliament “calls on the Commission to propose legislation to ensure net neutrality” and urges Commissioner Kroes to end her ill-fated “wait and see” approach.

In a second resolution on a Digital Freedom Strategy in EU Foreign Policy, the Parliament additionally stressed that it “strongly supports the principle of net neutrality, namely that internet service providers do not block, discriminate against, impair or degrade, including through price, the ability of any person to use a service to access, use, send, post, receive or offer any content, application or service of their choice, irrespective of source or target” and “calls on the Commission and Council to promote and preserve high standards of digital freedom in the EU, in particular by codifying the principle of net neutrality”.

Following its resolution on net neutrality from November 2011, this is the second time that the European Parliament has asked the Commission abandon its laissez-faire approach on this crucial policy area. Research from the Body of European Regulators for Electronic Communications (BEREC) proves that operators interfere with traffic on their networks in socially harmful ways. They block, throttle and discriminate against applications, content and services that are competing with their own. The existing laws in many European Member States are inadequate to prevent such abuses of the open Internet.

The European Parliament’s vote showed once more that the Commission’s belief in transparency, competition and the possibility to change operators to sufficiently ensure network neutrality is inadequate.

“Users and innovators, not access providers, should continue to decide how they want to use the Internet if it is to continue to realise its potential as a barrier-free single market and as a unique platform for social and cultural activity and democratic discourse,” said Joe McNamee, Executive Director of EDRi.

Data Protection Reform in EU, to be voted by EP in 2014

According to the draft calendar published  by the rapporteur of the European Parliament (EP) for the new data protection regulation, the legislative proposal will be voted in the plenary of the EP in 2014.

MEP Jan Philipp Albrecht wrote that the final schedule will be agreed with the other committees involved and will be adapted as the legislation proceeds.

Indicative calendar of public events or action points

  • 29 May 2012, 15:00-18:30: LIBE Committee Workshop (industry, civil society and academia).
    The workshop is open to all interested stakeholders. Logistics such as registration are handled by the LIBE secretariat. More information is available at the committee website. Please do not contact Jan Philipp Albrecht’s office on this.
  • 31 May 2012, 11:00-12:00: LIBE Exchange of views (Regulation and Directive)
  • 19/20 June 2012: Presentation of general Working Document (Regulation and Directive)
  • 9/10 July 2012 : Presentation of specific working document on the Regulation (WD 1)
  • September 2012: LIBE Exchange of views (Regulation)
  • October 2012: Presentation of specific working document on the Regulation (WD 2)
  • October/November 2012: LIBE Committee Hearing
  • November 2012: Presentation of the draft report
  • December 2012: Deadline for tabling amendments
  • End January/February 2013: Discussion of Amendments in LIBE Committee
  • February 2013: Discussion with Opinion Committees
  • March/April 2013: Orientation Vote LIBE committee
  • Summer 2013 (?) Trilogue with Council and Commission
  • Early 2014 (?): Vote in plenary

You can find the details on Albrecht’s website, with a click HERE.

Commission downplays Parliament EU-US data privacy concerns

EUObserver writes about how Justice Commissioner Viviane Reding has insisted that US authorities cannot override EU laws on data privacy, following concerns expressed by MEPs that certain US laws and legal subpoenas could force EU companies to disclose personal data to US law enforcement agencies.

In an oral question to the Commission, liberal MEPs drew attention to US legislation, including the Medicare Act and the Patriot Act, which, they said, could require the submission of personal data stored in Europe to the US authorities.

Read the rest here: http://euobserver.com/871/115299