UK Parliament Rejects Commission’s Data Protection Proposal Despite Promise for More Flexibility

UK Parliament Rejects Commission’s Data Protection Proposal Despite Promise for More Flexibility

The European Commission’s Data Protection Reform Proposal came under fire in a just-issued report by the UK House of Commons Justice Committee that called the proposed Regulation “overly prescriptive” and lacking “flexibility or discretion” for data controllers and regulators. While The UK Justice Committee report concludes that a Regulation is necessary in order to update the 1995 Directive, and to account for the rapidly changing technological environment and address individuals’ rights, it does not believe that the current proposal is “proportionate, practicable, affordable or am effective system of data protection in the EU.”

EU Justice Commissioner Viviane Reding recently responded to similar criticism from Member States by outlining three key areas where flexibility could be added to the Commission’s existing draft data protection reform. Commissioner Reding’s announcement came during the Justice Council Meeting on October 26, 2012 in Luxemburg, several days before the EU Justice Committee released its report.

First, the Commissioner highlighted the reform’s intention to further reduce administrative burdens on companies and asserted the potential to broaden SME exemptions by taking an approach that accounts for the amount and sensitivity of the data processed.

Second, the Commissioner conceded that the delegated and implementing acts foreseen by the Regulation should be reviewed “one by one” and limited to cases in which they are “truly necessary.” However, Citing that Delegated and implementing acts are necessary in certain circumstances, Commissioner Reding  proposed three specific review criteria that should determine each case. The Commissioner believes these criteria could lead to a reduction of Commission empowerment by 40%: (1) “need to avoid fragmentation”, (2) “the need to supplement rather than amend the regulation”, and (3) “maintaining the technologically neutral character of law.”

Third, the Commissioner acknowledged that specific rules for public sector data processing are necessary in some cases; and that the Commission is willing to introduce more legislative flexibility on this point. However, Commissioner Reding believes that this necessary flexibility can and should be achieved through regulation and asserts that the Commission’s draft “already foresees 20 cases in which specific rules are adapted to the public sector.”

It is unclear how the UK Justice Committee’s report, which largely calls for the Draft Data Protection Reform to be re-written, will affect current discussions in the EU Parliament and Council.

-Julian Flamant

Leave a Reply


Privacy Calendar

May
26
Tue
7:00 pm Student Data Privacy in an Onlin... @ The New York City Bar Association
Student Data Privacy in an Onlin... @ The New York City Bar Association
May 26 @ 7:00 pm – 9:00 pm
For more information, please click here.
May
27
Wed
all-day PL&B’s Asia-Pacific Roundtable (...
PL&B’s Asia-Pacific Roundtable (...
May 27 all-day
PROFESSOR GRAHAM GREENLEAF, Asia-Pacific Editor, Privacy Laws & Business International Report, will lead a roundtable on the countries of most interest to business in the Asia-Pacific region. Click here for more information.
Jul
6
Mon
all-day PL&B’s 28th Annual International...
PL&B’s 28th Annual International...
Jul 6 – Jul 8 all-day
The Privacy Laws & Business 27th Annual International Conference featured more than 40 speakers and chairs from many countries over 3 intensive days. At the world’s longest running independent international privacy event participants gained professionally by[...]
Jan
28
Thu
all-day Data Privacy Day
Data Privacy Day
Jan 28 – Jan 29 all-day
“Data Privacy Day began in the United States and Canada in January 2008, as an extension of the Data Protection Day celebration in Europe. The Day commemorates the 1981 signing of Convention 108, the first[...]
Jan
28
Sat
all-day Data Privacy Day
Data Privacy Day
Jan 28 – Jan 29 all-day
“Data Privacy Day began in the United States and Canada in January 2008, as an extension of the Data Protection Day celebration in Europe. The Day commemorates the 1981 signing of Convention 108, the first[...]

View Calendar