Out-Law / Your Daily Need-To-Know

EU privacy watchdog seeks to future-proof data protection reform package

Out-Law News | 03 Mar 2015 | 2:32 pm | 1 min. read

EU legislators can future-proof new data protection laws against major technological advances by ensuring that they are not too prescriptive, an EU privacy watchdog has said. 

The European Data Protection Supervisor (EDPS) said "pragmatic solutions" are required and that it was aiming to be "a more proactive partner" when EU law makers begin final negotiations on the planned new General Data Protection Regulation.

In outlining its new strategy for 2015-2019 (28-page / 2.68MB PDF), the watchdog warned that a failure to future-proof the new regime in its wording could render some of the new rules "ineffective or obsolete" before the next wave of data protection reforms are anticipated.

"We will help legislators find pragmatic solutions to strengthen the roles of individuals and supervisory authorities, and the accountability of controllers, while simplifying existing formal requirements where unnecessary," the EDPS said. "Data protection needs to be more dynamic and less bureaucratic."

"Judging by current trends, we may expect a century's worth of technological changes to occur over 2015-2030, the likely duration of the reform. If the devil is in the detail, it is in some unnecessarily rigid details of certain provisions of the reform. There is a risk that some of these provisions will become ineffective or obsolete before the full package is reviewed again. These provisions can be better tailored without lowering the level of the relevant safeguards, providing flexibility without ambiguity. The scalability of a certain number of obligations is also an issue," it said.

The draft General Data Protection Regulation has been heavily debated since it was first published by the European Commission in January 2012. Since then, MEPs, EU justice ministers, regulators, business groups and other stakeholders have all had a say on what the final Regulation should say.

The new Regulation will only be finalised when the European Parliament and Council of Ministers (the Council) agree on a single text. Both law making bodies have been working on their own draft proposals and have yet to open final negotiations on the wording. MEPs reached agreement on a version of the text last year, but the Council has still to agree on its own position on the reforms.

There are major differences in the views of the national governments that make up the Council on what the new data protection regime should look like, with the system for enforcing the new rules one of the main areas of contention. Political leaders in the EU previously committed to finalising the data protection reforms "by 2015"