Jun 262015

The Final Stretch: Trilogue Commences Final Negotiations on EU Data Protection Regulation

William RM Long and Geraldine Scali
, ,

Following the adoption of the EU Data Protection Regulation by the Council of Ministers last week, today saw the first meeting of the European Commission, European Parliament and Council of Ministers under what is known as the trilogue process, with the aim of negotiating the final wording of the Regulation.

From the press statement today, the European Commissioner for Justice, Věra Jourová, indicated that the Commission, Council and Parliament agree on the main elements of the Regulation, including:

  • the need for a single set of rules on data protection, valid across the EU;
  • reinforced rights for data subjects;
  • the same rules for companies from within and from outside the EU;
  • a strong and effective one-stop shop mechanism; and
  • that the 1995 Data Protection Directive provides the minimum level of data protection needed to guarantee such reform.

During the meeting, the negotiators reaffirmed their commitment to finalise the Regulation by end of this year and agreed on a “roadmap” for the upcoming meetings.  While the full details of the roadmap were not released, the draft agenda for further trilogue meetings to reach final agreement on Chapters in the Regulations includes:

  • 14 July 2015: territorial scope (Article 3) and international transfers (Chapter V);
  • September: principles (Chapter II); rights of the data subject (Chapter III) and controller and processor (Chapter IV);
  • October: data protection authorities (Chapter VI); cooperation and consistency (Chapter VII) and remedies, liabilities and sanctions (Chapter VIII);
  • November: general provisions, such as objectives and material scope (Chapter I) and specific regimes (Chapter IX); and
  • December: delegated and implementing acts (Chapter X), final provisions (Chapter XI) and other remaining issues.
William RM Long

London

wlong@sidley.com

Geraldine Scali

gscali@sidley.com

You might also like
Substantial changes to Hong Kong’s privacy laws coming

In a briefing to the Legislative Council (Hong Kong’s legislative body) on February 20, 2023, the Privacy Commissioner (“the Commissioner”) announced that substantive amendments to the Personal Data (Privacy) Ordinance (“PDPO”) will take place.

It Is Now More Difficult For International Pharma To Transfer Data Out Of China

China’s new Measures for the Security Assessment of Outbound Data Transfers (the “Measures”) came into force on September 1, 2022. Pharma companies now have until February 28 to work out whether their activities mean they are affected, and to apply for the new type of data security assessment if they need it.

Unpacking Digital Data Laws Across Europe: Addressing the Digital Markets Act

The EU Digital Markets Act (DMA) is set to revolutionize the way in which so-called ‘Big Tech’ is regulated in the EU, shifting toward ex-ante rulemaking and away from traditional after-the-fact enforcement. The DMA imposes a stringent regulatory regime on large online platforms (so-called “gatekeepers”) and gives the European Commission (Commission) new enforcement powers, including an ability to impose severe fines and remedies for noncompliance.