OUTCOME OF PROCEEDINGS from: Working Party on Information Exchange and Data Protection (DAPIX) on: February 2012 Subject: Summary of discussions


COUNCIL OF THE EUROPEAN UNION
Brussels, 8 March 2012
7221/12
DAPIX 22

OUTCOME OF PROCEEDINGS
from: Working Party on Information Exchange and Data Protection (DAPIX)
on: 23-24 February 2012
Subject: Summary of discussions

1. Approval of the agenda

The agenda as set out in CM 1415/12 was adopted.

One delegation queried whether the Working Party on Information Exchange and Data Protection was the appropriate forum to discuss the General Data Protection Regulation, as this proposal was also based on an internal market legal basis (Article 114 TFEU) and should in its view therefore be discussed in an internal market working party. The General Secretariat explained that following the entry into force of the Lisbon Treaty COREPER had decided to make this Working Party competent for all data protection questions [1].

[1] 17653/09 POLG 239 JAI 931.

7221/12 GS/np 1

2. Comprehensive reform of EU data protection rules - Presentation by the Commission of the "data protection package" and general exchange of views

Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions "Safeguarding Privacy in a Connected World A European Data Protection Framework for the 21st Century"
5852/12 DATAPROTECT 8 JAI 43 MI 57 DRS 10 DAPIX 11 FREMP 6

Proposal for a directive of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data
5833/12 DATAPROTECT 6 JAI 41 DAPIX 9 FREMP 8 COMIX 59 CODEC 217 + ADD 1 + ADD 2

Proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)
5853/12 DATAPROTECT 9 JAI 44 MI 58 DRS 9 DAPIX 12 FREMP 7 COMIX 61 CODEC 219 + ADD 1 + ADD 2

The Commission presented the comprehensive data protection package, emphasising that the proposals were motivated both by the Commission's desire to stimulate growth (internal market) and by the need to protect fundamental rights throughout the European Union. Reference was made to the new legal basis for legislative measures under the Lisbon Treaty, Article 16 TEU, which, in the Commission's view, authorised the adoption of EU data protection legislation with regard to both cross-border exchanging of data and internal data processing operations.

The Commission justified the need to overhaul the 1995 Data Protection Directive by referring to the enormous technological developments which had taken place since 1995 and to the global trend towards a digital economy.

The Commission representative pointed to a so-called quadrant of objectives underlying the Commission's proposals: (1) stimulating growth by building confidence as the result of using uniform data protection rules applicable throughout the European Union; (2) the protection of fundamental rights; (3) the adoption of legal instruments that are flexible enough to adapt to future technological developments; and (4) legal certainty.

The general comments made by delegations on the comprehensive data protection package focused on: (a) the need for a new data protection regime; (b) the form of the legislative instruments and techniques proposed by the Commission; (c) the scope of the legislative proposals, and (d) some aspects of the content of the proposed General Data Protection Regulation.

(a) The need for a new data protection regime

There was a general consensus that the proposals met a real need for reform of the EU data protection regime, as it needed to be updated so as to be flexible enough to meet future challenges. Some delegations felt that the Commission should have been more radical in its proposal for overhauling the data protection regime and dared to abandon some of the existing main rules and concepts on data protection.

Many delegations had serious concerns that this newly proposed data protection regime, rather than simplifying the data protection rules as it intended, would result in an increased administrative burden on both the private and public sectors.

A number of delegations thought that the proposed Regulation did not distinguish sufficiently between the position of, and rules applicable to, individuals, small and medium-sized enterprises (SMEs), large international enterprises and the public sector.

As regards the private sector, several delegations argued that the number of employees a company employed should not be the decisive criterion for differentiating as to the applicability of a number of data protection rules, but that this should instead hinge on the data protection risk inherent in specific types of data processing operations. Some delegations strongly advocated a more risk-based approach for the future EU data protection regime.

(b) Form of the legislative instruments and techniques proposed by the Commission

(i) the proposed replacement of the 1995 Directive by a Regulation

A significant number of delegations stated they would have preferred a Directive and some of these entered a scrutiny reservation [1] on the form of the proposed General Data Protection Regulation. It was argued by a few delegations that a Regulation was too prescriptive. One delegation thought that a Regulation might be appropriate for the private sector, but not for the public sector. By contrast, another delegation thought it would have been preferable to have brought the judicial and police sector under the scope of the Regulation too.

[1] BE, DE, SI

The Commission argued that the choice of a Regulation as a single instrument applicable throughout the European Union was an enormous advantage for companies active in several Member States (including SMEs), as they would no longer be obliged to adapt to different national legislation. A few delegations supported the Commission in its choice of a Regulation.

(ii) delegated acts

Many delegations criticised the many instances in which the proposal delegated powers to the Commission to flesh out the rules of the General Data Protection Regulation through delegated acts. The recourse to delegated acts was criticised on account of the perceived unbalanced division of powers between the legislator (Council/Parliament) and the Commission, and also as this was thought to be undermining one of the main aims of the proposed Regulation, namely, to simplify data protection rules. The prospect that delegated acts could eventually lead to an (implicit) modification of national procedural legislation was considered unacceptable by one delegation.

(c) Scope of the legislative proposals

(i) material scope: areas covered

One delegation took the view that the Regulation should distinguish more clearly between the public and private sectors.

Another delegation criticised the demarcation between the proposed Regulation and the Directive, on the grounds that the Directive would apply only in cases where the data processing by public authorities took place with a view to the prevention, detection, investigation and prosecution of offences or the execution of criminal penalties, whereas the same public authorities would sometimes handle the same data in the same "file" with a different purpose and those data processing operations would therefore fall outside the scope of the Directive. It was felt that the Directive should apply to all data processing operations by public authorities where the latter are exercising sovereign powers. The Commission replied that the same distinction had already applied before the Lisbon Treaty and considered that this was not a problem in itself.

Some delegations criticised the fact that the proposed Data Protection Directive would also apply to purely internal data processing operations. This was criticised both on legal grounds (alleged lack of EU competence on the basis of Article 16 TEU) and on factual grounds. It was argued, with reference to the subsidiarity principle, that there was no need to have EU rules on internal data processing operations in the area of police and judicial activities, as the absence thereof had not hampered judicial and police cooperation between the Member States. It was also stated that the Commission should have awaited the proper transposition and functioning of the 2008 Data Protection Framework Decision before proposing a new data protection regime for the JHA area.
A few delegations argued that the establishment of data protection rules for internal data processing operations would eventually lead to EU approximation of rules on investigative measures, which was considered undesirable and a potential impingement on criminal procedure rules. It was also queried whether such detailed legal measures were provided for by Article 16 TEU.

Some delegations referred to the possible conflict between data protection rules and (constitutional) rules on access to, and disclosure of, public documents, which in their view was not adequately addressed in the proposed instrument. A possible conflict with the freedom of the press was also raised.

The possible overlap with the E-Privacy Directive was also highlighted by some delegations.

(ii) geographical scope

One delegation expressed strong reservations concerning the choice of criteria for determining the competence of the data protection authorities (DPAs) and thought that the option of making one DPA competent for all data processing operations carried out throughout the European Union by a particular data controller could lead to forum shopping and might distance the data subject from the competent DPA. In the same vein, another delegation wondered whether this might result in an excessive administrative burden on the DPA of some Member States. Some other delegations, however, expressly welcomed the so-called one-stop shop principle.

(d) Highlighted aspects of the content of the proposed General Data Protection Regulation

During the round of general comments, the following specific issues figured most prominently:

Whilst welcoming the concepts of privacy by design and the attention to privacy-enhancing technologies, some delegations queried whether the proposed Data Protection Regulation was sufficiently technology-neutral.

Some delegations expressed concerns as to the technical feasibility of concepts such as the right to be forgotten and the right to data portability.

A few delegations considered the rules on the data protection officers (DPOs) to be too prescriptive. It was also stressed that the DPOs could find themselves with conflicting roles if they were meant to perform controlling tasks whilst maintaining an independent stance.

The increased role of the data protection authorities (DPAs) in the draft regulation was welcomed; however, the increased tasks of the DPAs would inevitably have to be matched by a substantial increase of their staff and budget, which was not easy at a time of economic crisis and austerity of public budgets.

Several delegations said the sanctions provided by the draft regulation were too heavy, especially for SMEs. In this regard, the double jeopardy (ne bis in idem) risk of having the same conduct sanctioned twice was also raised.

3. General Data Protection Regulation

The proposal is subject to a general scrutiny reservation by all delegations and, in addition, a parliamentary scrutiny reservation by HU, NL and PL.

Article-by-article discussion (Articles 1-21)

Delegations discussed Articles 1 to 4. The outcome of these discussions will be set out in a separate Presidency note to be issued later.

4. Any other business

No items were raised under this heading.