UK Parliament Rejects Commission’s Data Protection Proposal Despite Promise for More Flexibility

UK Parliament Rejects Commission’s Data Protection Proposal Despite Promise for More Flexibility

The European Commission’s Data Protection Reform Proposal came under fire in a just-issued report by the UK House of Commons Justice Committee that called the proposed Regulation “overly prescriptive” and lacking “flexibility or discretion” for data controllers and regulators. While The UK Justice Committee report concludes that a Regulation is necessary in order to update the 1995 Directive, and to account for the rapidly changing technological environment and address individuals’ rights, it does not believe that the current proposal is “proportionate, practicable, affordable or am effective system of data protection in the EU.”

EU Justice Commissioner Viviane Reding recently responded to similar criticism from Member States by outlining three key areas where flexibility could be added to the Commission’s existing draft data protection reform. Commissioner Reding’s announcement came during the Justice Council Meeting on October 26, 2012 in Luxemburg, several days before the EU Justice Committee released its report.

First, the Commissioner highlighted the reform’s intention to further reduce administrative burdens on companies and asserted the potential to broaden SME exemptions by taking an approach that accounts for the amount and sensitivity of the data processed.

Second, the Commissioner conceded that the delegated and implementing acts foreseen by the Regulation should be reviewed “one by one” and limited to cases in which they are “truly necessary.” However, Citing that Delegated and implementing acts are necessary in certain circumstances, Commissioner Reding  proposed three specific review criteria that should determine each case. The Commissioner believes these criteria could lead to a reduction of Commission empowerment by 40%: (1) “need to avoid fragmentation”, (2) “the need to supplement rather than amend the regulation”, and (3) “maintaining the technologically neutral character of law.”

Third, the Commissioner acknowledged that specific rules for public sector data processing are necessary in some cases; and that the Commission is willing to introduce more legislative flexibility on this point. However, Commissioner Reding believes that this necessary flexibility can and should be achieved through regulation and asserts that the Commission’s draft “already foresees 20 cases in which specific rules are adapted to the public sector.”

It is unclear how the UK Justice Committee’s report, which largely calls for the Draft Data Protection Reform to be re-written, will affect current discussions in the EU Parliament and Council.

-Julian Flamant

Leave a Reply


Privacy Calendar

Sep
15
Mon
all-day Big Data: A Tool for Inclusion or Exclusion? @ Constitution Center
Big Data: A Tool for Inclusion o… @ Constitution Center
Sep 15 all-day
The Federal Trade Commission will host a public workshop entitled “Big Data: A Tool for Inclusion or Exclusion?” in Washington on September 15, 2014, to [...]
Sep
17
Wed
all-day IAPP Privacy Academy and CSA Congress 2014 @ San Jose Convention Center
IAPP Privacy Academy and CSA Con… @ San Jose Convention Center
Sep 17 – Sep 19 all-day
This fall, the International Association of Privacy Professionals (IAPP) and Cloud Security Alliance (CSA) are bringing together the IAPP Privacy Academy and the CSA Congress [...]
Oct
21
Tue
6:00 pm Consumer Action’s 43rd Annual Awards Reception @ Google
Consumer Action’s 43rd Annual Aw… @ Google
Oct 21 @ 6:00 pm – 8:00 pm
To mark its 43rd anniversary, Consumer Action’s Annual Awards Reception on October 21, 2014, will celebrate the theme of “Train the Trainer.” Through the power of [...]
Jan
28
Wed
all-day Data Privacy Day
Data Privacy Day
Jan 28 all-day
“Data Privacy Day began in the United States and Canada in January 2008, as an extension of the Data Protection Day celebration in Europe. The [...]
Jan
28
Thu
all-day Data Privacy Day
Data Privacy Day
Jan 28 all-day
“Data Privacy Day began in the United States and Canada in January 2008, as an extension of the Data Protection Day celebration in Europe. The [...]

View Calendar