EU data protection vote delayed again

Parliament struggles to reach consensus on new data protection law

An important vote on the future of the European Union's privacy laws has been delayed again.

On Monday, the civil liberties committee of the European Parliament met to discuss the latest draft of Europe's Data Protection Regulation. German member of parliament (MEP) Jan Philipp Albrecht, who is charged with steering the legislation through to the final vote, explained that although several meetings have been held and some agreements have been reached, more rounds of discussions are still needed.

Therefore the committee will not be able to vote on the draft on May 29 as planned. Albrecht said he believes that compromises can be adopted with a broad consensus and that a vote is still possible before the summer recess in July.

Ireland, which currently holds the E.U. presidency, is very keen to see a vote at the member state level before the end of its presidency on July 1. However this is only possible after the Parliament as a whole has voted, something it will not do until it has heard from the civil liberties committee.

The proposals for the overhaul of the E.U.'s data protection laws come from the European Commission. The original laws date from 1995, and need to be updated for the Internet Age.

The plan is to create one directly applicable regulation to replace 27 different national data protection and privacy laws. The commission says the exercise would save industry €2.3 billion (US$3 billion) annually. But in an effort to reach some sort of consensus, more than 4,000 changes to the draft text have been put forward in Parliament.

Speaking to the committee on Monday, Dutch MEP Sophie In`t Veld said she was still worried that some member states want public services removed from the regulation. Sources say that Germany in particular is keen to have public services fall under a directive (which can be interpreted as national authorities see fit) rather than a regulation, which must be uniformly implemented in all countries.

In't Veld emphasized that public services should remain within the scope of the regulation. In 2011 European Data Protection Supervisor Peter Hustinx made the same point. "A single legal text avoids the risk of discrepancies between provisions and would be the most suitable vehicle for data exchanges between the E.U. level and the public and private entities in the member states," Hustinx said in a statement.

Another Dutch MEP, Wim van de Camp, said that the new regulation must cut red tape in terms of documents for small and medium businesses; clarify the responsibilities of controllers and processors; enable the use of data for existing business models, insurance companies and research; and ensure the proposals regarding data portability and "the right to be forgotten" are practically feasible.

In a published statement, digital rights group La Quadrature du Net said that as it currently stands, the regulation would significantly strengthen citizens' rights. But it added that in response to the Commission proposal, "powerful companies, mainly based in United States (banks, insurances and Internet services), have led an unprecedented lobbying campaign."

"Their goal is to make withdraw from the final version of the Regulation those proposals aimed at protecting citizens' personal data. Before this vote, we have to make certain that civil liberties MEPs will not break under lobby pressure," said organization spokesman Jérémie Zimmermann.

Follow Jennifer on Twitter at @BrusselsGeek or email tips and comments to

Join the CSO newsletter!

Error: Please check your email address.

Tags securitylegalprivacy

More about European CommissionEuropean Parliament

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jennifer Baker

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts