Statewatch.org have recently published a leaked copy of the European Council’s draft of the proposed new Data Protection Regulation and it makes for interesting reading.
The political machinations continue at EU level and predictions for publication of a final form Data Protection Regulation increasingly refer to 2016 as the likely date. But to read behind the headlines continues to be a useful exercise for corporates who need to give real consideration now to what their regulatory landscape might look like in the not too distant future.
A key issue will be determining the place of “main establishment” which in turn will determine the appropriate lead authority.
If that isn’t clear, or there is disagreement, it is being proposed that an EU Data Protection Board (EDPB) would have power to make a binding determination.…
On 12 March 2014, the European Parliament voted in favour of the revised draft EU Data Protection Regulation. To become law the proposed Regulation must be adopted by the EU Council using the "ordinary legislative procedure". The EU Council is due to meet in June 2014.
The proposed Regulation was originally presented by the European Commission on 25 January 2012. It has been the subject of voracious debate both in Brussels and across the EU, and has been subject to much re-drafting.
The European Commission has published Communications on Rebuilding Trust in EU-US Data Flows and on the Functioning of Safe Harbor. The Communications were released as a result of deepening concerns following the allegations of widespread access by U.S. intelligence agencies to personal data.
The European Commission has called for action in six areas, including:-
- Adoption of the EU’s draft Data Protection Regulation by Spring 2013;
- Improvement of the functioning of the Safe Harbour scheme (which provides a legal basis for the transfers of personal data from the EU to companies in the U.S. for commercial purposes);
- Swift conclusion of the current negotiations on the "umbrella agreement" for transfers and processing of data in the context of police and judicial co-operation;
- Use by the U.S. administration of the existing Mutual Legal Assistance and Sectoral agreements, whenever transfers of data are required for law enforcement purposes;
- Extension of the legal safeguards available to U.S. citizens to EU citizens, not resident in the U.S; and
- Accession by the U.S. to the Council of Europe’s Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (as it acceded to the 2001 Convention on Cybercrime).