30 June, 2015
On 15 June 2015, the European Council agreed on the proposal for the new general data protection regulation initiated by the European Commission. The regulation aims to provide a high level of protection of personal data and seeks to stimulate the Digital Single Market.
In 2012 the European Commission initiated the regulation. Early 2014 the European Parliament agreed with the proposed regulation. This was the first step towards the reformation of the European data protection legislation. For an overview of the concept-regulation initiated by the Commission, see our factsheet on the website.
Since the Council has agreed, the next step is to reach an agreement on the final version and content of the regulation. The first trilogue negotiations between the Commission, the Council and the Parliament have taking place on 24 June 2015. They all agree on the fundamental elements, which form the foundation of the new regulation. They find the rules regarding data protection has to be same in the whole European Union, the data subject should be more in control of its own data, the same rules should apply for companies from within the European Union and from outside the European Union, a strong and effective one-stop-shop mechanism should be introduced and thereby the Data Protection Directive from 1995 forms the minimum level of protection. According to Jan Phillip Albrecht there are more points of understanding and agreement than points that divide them. It is expected that the subjects ‘explicit consent’ and ‘incompatible further processing’ will lead to more discussion. Commissioner Jourová is convinced that they will complete the negotiations by the end of 2015.
When the negotiations will soon lead to positive results, it is expected the regulation will be adopted in 2016 and the enforcement of the regulation will enter into force in 2018. The transition period gives organisations the opportunity to prepare themselves for the upcoming changes. Due to the extensive changes in the regulation this transition period is expected to be much needed.
On 26 May 2015 the data breach notification bill and the expansion of the powers of the Dutch DPA passed the Dutch Senate. With this amendment the Netherlands anticipate on the European regulation, that introduces a similar data breach notification system. The Dutch notification system is expected to enter into force on the first of January 2016.
Monitor our blog for more updates on the European Data Protection Regulation, or sign up for our newsletter! If you have more questions about how the regulation will affect your organisation, contact one of our privacy experts.
The ‘Ethics in Networked Systems Research’ project at the Oxford Internet Institute launched a...
Last week, the EU Justice Council discussed the latest draft of the General European Data...