Further delay to EU Data Protection Regulation

Following the failure of the Justice and Home Affairs Ministers to reach an agreement at their Council meeting in December 2013, it will now be up to the Greek Government (who took over the Presidency of the Council at the beginning of January 2014) to try and make progress on the draft Regulation.

The Greeks are hoping to reach political agreement on the draft Regulation at the Justice and Home Affairs Ministers Council meeting in June. Even if an agreement is reached, the three-way negotiations (trilogue) between the Justice and Home Affairs Ministers, the European Commission and the European Parliament will not start until this autumn at the earliest. The Regulation, therefore, will not be passed until the end of this year or early 2015 and would not come into force until the end of 2016 or early 2017.

European Commission Vice-President Viviane Reding said on 7 January: “The Heads of State and Government [of EU Member States] committed to a 'timely' adoption of the new rules in October 2013. Not much progress has been made since. But I hope that under the Greek presidency that has just started, Member States will now finally take the big decisions needed. The European Commission will support the Greek Government’s ambitious objective to reach an agreement by the summer.”

One-stop shop principle causes a stir among EU officials
One of the issues raised at the December 2013 Council meeting was the one-stop shop principle in the Regulation, whereby an organisation operating in several of the EU Member States would only be subject to the decisions of the national data protection authority in the Member State where it had its main establishment. Under the current law, an organisation is subject to the decisions of the national data protection authorities in all the Member States where it operates.

From the citizen's viewpoint, the one-stop shop principle would mean that if they had a complaint about an organisation who had a main establishment in another Member State, they would complain to the national data protection authority in their own Member State who would then pass it on to the relevant national data protection authority.

There is a further problem in that the Legal Service of the Council said that it could not recommend the current proposals on the one-stop shop principle as EU citizens would have to deal with such a complicated system for data protection complaints that they would be discouraged from pursuing the matter.

Hubert Legal, head of the legal service for the European Council, said it was a one-stop shop for companies but a three-stop process for citizens that undermined their human rights. The European Commission’s own Legal Service said there was no problem on this point with the current proposals on the one-stop shop principle.