The General Data Protection Regulation (GDPR) relaunched!

This post is also available in: frFrançais (French)

The European Parliament, the Commission and the Council are finally gathered to negotiate a better regime of data protection in Europe. What they have in common is their wish to replace as soon as possible the previous European text, the Directive 95/46/EC. Indeed, the protection provided by the Directive 95 does not grant enough respect to Internet users’ rights and freedom against the outrageous use of “massive data” anymore. European citizens’ data are permanently collected, processed, stored, exchanged, and bargained. This new Regulation must go further than the previous one: give back the control of his/her personal data to the user, and “rekindle the flame” of privacy.

The first “trilogue” of the European General Data Protection Regulation (GDPR) revision process took place on June 24, 2015. The present article intends to bring a bit more clarity on what happened before in order to be able to follow decisions that will be taken in the next few months on Internet users’ rights.

It is in order to enable enterprises to profit from a booming digital market that the EU has decided to revise the Directive 95/46/EC.

The current process aims at harmonising 28 national legislations so as to ensure to enterprises and Internet users a single referent framework in the area of data protection. The implementation of a “one-stop-shop” eases complaint procedures for citizens towards net actors. European firms will not be the only ones concerned; any foreign enterprise operating in Europe or processing European citizens’ personal data will be subjected to these new rules. They must learn that respecting European citizens’ privacy is not a burden; it is a competitive advantage as a confidence guarantee, crucial to lead a sane economic activity. 

In fact, negotiators are dealing with a “Package”, a popular formula adopted by European decision-makers in order to link different negotiation arguments. As such, they have chosen to write a regulation for personal data protection, while the legislative implementation area (in the sector of police and justice) will be included in a directive.

The LIBE Committee of the European Parliament has renewed the German Green MEP Jan P. Albrecht as rapporteur to defend guiding lines of the Parliament on the Regulation: give back data control to users, particularly by reinforcing their capacity to consent. On that matter, the Council’s position is dangerous: the browser’s configuration might equal consent for tracking and profiling!

Another essential point for the Parliament: reinforcing data controllers’ responsibilities, as well as condemning non-compliant behaviours to pay financial sanctions which amount shall be up to 5% of the annual turnover.

On the last point, the new Regulation is an important move for several national Data Protection Authorities (DPA) which were until now deprived of any power to impose sanctions. However, these sanctions will prove to be efficient only if their amount represents a real incentive for compliance. The Parliament must reach a satisfying level of sanctions, without what DPAs will be reinforced only on paper.

The European Commissioner for Justice, Vera Jourovà, assumes the representation of the Commission. The negotiations will take place during the Luxembourg Presidency of the Council. Its representative, the Ministry of Justice Felix Braz, ensured of his optimism on the possibility to reach an agreement by the end of 2015. If we believe what the three institutions’ representatives stated during the press conference given in the Parliament on the 24th of June, the Union should adopt the Regulation AND the Directive by the end of the year! A first meeting has been scheduled: the summit of the JHA (Justice and Home Affairs) Council in October. Eight meetings are foreseen between July and September. This new rush in negotiations may damage the quality of the regulation.

The Parliament has already made enough concession even before the trilogue started. As it has been tirelessly repeated, “the devil is in the details”. It is therefore important that the Parliament maintains its position in order to prevent any loopholes in the system, which will, without doubt, be exploited!

What’s next?


14 July 2015: second trilogue meeting on Territorial Scope (Article 3) and International Transfers (Chapter V). 

Compte AEDH