All is quiet in Brussels now that Commission officials have deserted for the continent’s beaches and the European Parliament has gone into summer recess. But the ICO never rests. This is therefore a good opportunity to take stock of progress made so far this year on the update of European data protection laws and look at what the future might hold.
The key question remains will we have a new legal framework by this time next year? Opinions vary and we don’t have any great inside knowledge at the ICO, but those who know how Brussels works certainly think that it is still possible and even likely. What is in no doubt is that there is still much work to be done before next year’s deadline when the terms of office of both MEPs and the current European Commissioners come to an end. There’s no shortage of political will, and it’s not just Viviane Reding who wants change, with the Council and the Parliament also keen. What might defeat the proposals though is the sheer size of the task ahead. There are so many difficult issues to reach agreement on, everything from the meaning of “pseudonymous” data to the size of the proposed fines.
Edward Snowden’s whistleblowing revelations about the US Foreign Intelligence Surveillance Act have had an effect too. Significant though they are for those concerned with protecting the privacy of personal information, any belief that changes to the text of the draft Regulation can somehow prevent the US authorities from gaining access to the personal data of EU citizens must be mistaken. This is an issue that goes much wider than data protection law. It may be that the revelations spur on a renewed drive to agree the Regulation in the autumn but equally they could be another complication making agreement even more difficult to achieve.
For our part we are still hopeful that we will see a new and sensible framework emerge. Modernisation of the law is needed. As the three-way negotiations between the Commission, the Council and the Parliament get underway we shall be keeping a close watch on any developing consensus and doing what we can, particularly through the Article 29 Working Party. It’s crucial that it is not just a political result but also a result that genuinely enhances the protection of everyone’s personal information while providing a clear, proportionate and workable solution for businesses to apply.
And what of the proposed Directive for the law enforcement and justice sector? Officially this is still part of the reform package but progress is even slower than with the Regulation. Maybe it will catch up in the end but even those who are confident about the future of the Regulation have their doubts that this Directive will ever see the light of day.
Overall, we are still of the view that there is more to be welcomed than rejected in this proposal for reform and are hopeful that the negotiation process will be successfully completed ahead of the European parliamentary elections next Spring. In the meantime the best way that organisations can prepare for the new regime is to make sure that their data protection houses are fully in order under the current regime!
|As well as providing Data Protection leadership across the ICO, David Smith has direct responsibility for oversight of its Strategic Liaison Division which develops and manages the ICO’s relations with its key stakeholders.|