The Channel logo

News

By | Jennifer Baker 15th July 2015 08:09

'Progress made' as EU aims to get new data protection laws ASAP

Brussels moves like striking cobra, looks to achieve October agreement

The second round of negotiations on the new EU General Data Protection Regulation (GDPR) saw real movement on Tuesday, according to negotiators.

Sources familiar with the discussions told El Reg that a tentative political agreement has been reached already on Chapter 5 and Article 3. These two elements focus specifically on territorial scope and international data transfers.

According to the text, any company processing data of a European citizen in the European Union is subject to EU law and any transfer of data outside the EU must meet certain adequacy standards. This is more or less what is already enshrined in the current 1995 data protection laws, so it is a logical place to start the so-called trialogue talks. Broad political agreement means that "all we really need to do now is nail down the exact wording," said a source.

Getting consensus between the European Parliament, the Commission and the Council of national justice ministers often proves difficult. But against the external backdrop of the Snowden revelations, reform of the EU-US safe harbour agreement and challenges to jurisdiction by Microsoft and Facebook, there has been a notable push to get the GDPR onto the law books as soon as possible. Negotiators have set themselves an ambitious deadline - the Justice and Home Affairs Council meeting in October.

One sticking point in Tuesday’s negotiations was the issue of exceptions for national security, something that the Luxembourg delegation, which leads the talks for all 28 national ministers, was inflexible on. However sources said that “an avenue is clear for agreement”.

The more difficult parts of the law will be tackled after the institutions’ summer break - the next meeting is scheduled for 1 September. It is unlikely that areas such as the rights of consumers, duties of data controllers and limitations on further processing of data for incompatible purposes will be dealt with as easily as Chapter 5 and Article 3.

A Data Protection Directive, which covers law enforcement agencies (as opposed to the regulation which applies to companies), is also on the table and Parliamentary representatives have said they want the two laws to be treated as a package. ®

comment icon Read 7 comments on this article or post a comment alert Send corrections

Opinion

Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella
Stranded_ships

Chris Mellor

Thousands of layoffs announced as spinning rust enters its death spiral

Features

Locker room jocks photo via Shutterstock
Best locker-room strategy: Avoid emulating AWS directly
STRASBOURG, JUNE 29, 2016: The seat of the European Parliament. by Marco Aprile for shutterstock. EDITORIAL USE ONLY
Plan b, image via Shutterstock
EU workers, new markets: post-Brexit pressure on May & Co
Tough question, pic via Shutterstock