Following the debate on the Data Protection Regulation on 11 March and the vote in plenary on 12 March, MEPs introduced enhanced safeguards for EU citizens’ personal data in a significant overhaul of the EU’s data protection reform package.
The Report was voted with a huge majority – across all parties– as expected – with 621 for, 10 against and 22 abstentions. The objective for the European Parliament was to present a united front to the Council before trilogue – and that is what they did.
With regard to the implications for EU citizens following the vote in plenary it is important to note that the new rules strive to offer EU citizens greater control over their personal data and to facilitate ease of access across boarders for firms (e.g. a search engine, social network or cloud storage service provider), by ensuring the applicability of the same rules to all EU Member States.
The Regulation will also establish a ‘one-stop-shop’ for businesses which means that, when the controller or the processor of personal data is active in more than one Member State, one single supervisory authority should be competent for monitoring its activities throughout the EU.
However the current position of the European Parliament could inadvertently harm health research in the EU and access to data itself.
The result of the vote in Plenary may be somewhat misleading as the Parliament in united in appearance only.
Viviane Reding (Vice-president and Commissioner responsible for justice, fundamental rights and citizenship) urged the Council to take a position soon so the Regulation can be adopted by the end of the year. With respect to the specific point on health research – she indicated that the original Commission Proposal was adequately equipped, as it “struck the right balance between the privacy of a person’s data and health research,” and allows, “in very specific research circumstances, data [to] be processed without consent.”
Mr Albrecht (Rapporteur of Report) reiterated the position of the Parliament by stating that if the decision resided solely with the European Parliament, they would vote on the Regulation to be adopted as soon as possible. The European Parliament wants the Council to come to an agreement as soon as possible, so that trilogue can commence.
In order to become law the following must occur:
It is not expected however that the Data Protection Regulation will be agreed on this year. A new European Parliament must be voted and new members must familiarise themselves with the text.
In the event that Mr. Albrecht does not get re-elected a new Rapporteur must be appointed and there are many factors which could potentially delay the adoption of the Regulation.
The most important delaying factor is that the positions of the Parliament and the Council are radically different and with a Green MEP directing the discussions who have been less than compromising in previous discussions, it is likely that the debate will drag on into next year.
The resulting text of the European Parliament is not yet available.
For more information, read the official press release