Privacy & Information Security Law Blog

On June 6, 2014, Viviane Reding, Vice-President of the European Commission and EU Commissioner for Justice, outlined the progress that has been made with respect to the proposed EU General Data Protection Regulation (the “Proposed Regulation”) in a meeting of the Council of the European Union, acting through the Justice Council (the “Council”). In particular, the Council has agreed on two important aspects of the Proposed Regulation.

On April 10, 2014, the Article 29 Working Party (the “Working Party”) issued a letter (the “Letter”) to Viviane Reding, Vice-President of the European Commission and Commissioner for Justice, Fundamental Rights and Citizenship, expressing its views on the European Commission’s ongoing revision of the EU-U.S. Safe Harbor Framework.

On January 28, 2014, Data Protection Day, Vice-President of the European Commission and Commissioner for Justice Fundamental Rights and Citizenship Viviane Reding gave a speech in Brussels proposing a new data protection compact for Europe. She focused on three key themes: (1) the need to rebuild trust in data processing, (2) the current state of data protection in the EU, and (3) a new data protection compact for Europe.

On October 21, 2013, the European Parliament approved its Compromise Text of the proposed EU General Data Protection Regulation (the “Proposed Regulation”). The approval follows months of negotiations between the various parliamentary committees. The European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (“LIBE”) has been in charge of working toward an agreement on the Compromise Text in the European Parliament.

On September 6, 2013, Vice-President of the European Commission and Commissioner for Justice, Fundamental Rights and Citizenship Viviane Reding traveled to Berlin where she commented on the status of the negotiations on the proposed EU General Data Protection Regulation (the “Proposed Regulation”). Commissioner Reding indicated that she was looking for Germany to become involved in the discussions about the Proposed Regulation at the highest level, and she argued in favor of stricter regulations given recent revelations about surveillance programs such as PRISM. Because the vote on the Proposed Regulation only requires a majority to pass, she also emphasized that it would not be necessary to obtain the agreement of all of the EU Member States (for example, the UK or Ireland).

On July 18-19, 2013, the European Union Justice and Home Affairs Council held an informal meeting in Vilnius, Lithuania, where Viviane Reding, Vice-President of the European Commission and Commissioner for Justice, Fundamental Rights and Citizenship, openly criticized the U.S.-EU Safe Harbor Framework.

On June 6, 2013, the European Union’s Justice and Home Affairs Council held legislative deliberations regarding key issues concerning the European Commission’s proposed General Data Protection Regulation (the “Proposed Regulation”). The discussions were based on the Irish Presidency’s draft compromise text on Chapters I to IV of the Proposed Regulation, containing the fundamentals of the proposal and reflecting the Presidency’s view of the state of play of negotiations. At the Council meeting, the Presidency was seeking general support for the conclusions drawn in their draft compromise text on the key issues in Chapters I to IV.

On May 31, 2013, the Council of the European Union’s Justice and Home Affairs released a draft compromise text in response to the European Commission’s proposed General Data Protection Regulation (the “Proposed Regulation”). This compromise text narrows the scope of the Proposed Regulation and seeks to move from a detailed, prescriptive approach toward a risk-based framework.

On March 8, 2013, the European Union’s Justice and Home Affairs Council held legislative deliberations regarding the European Commission’s proposed General Data Protection Regulation (the “Proposed Regulation”).

On October 26, 2012, following the Justice Council’s meeting, Viviane Reding, Vice-President of the European Commission and Commissioner for Justice, Fundamental Rights and Citizenship, delivered a speech highlighting that the Commission’s proposed data protection law reform package is currently at a crucial stage in the negotiation process. Commissioner Reding stated that “[a] high level of data protection will turn the European Union into an international standard setter” and that “[o]nly a high level of data protection will generate trust between citizens and private enterprises.” Commissioner Reding conceded, however, that “[w]e do not want rules that place an excessive burden on business,” and that the Commission is prepared to make certain concessions relating to the draft proposals in order to “strike the right balance.”

On March 19, 2012, the European Commission hosted this year’s Safe Harbor Conference in Washington, D.C., to address the transfer of data from Europe to the United States. Although it appears the Safe Harbor framework will remain unchanged for the time being, it seems unlikely the United States will be considered adequate, or even interoperable, with the EU for purposes of cross-border data transfers.

As reported in BNA’s Privacy Law Watch, EU Member States are working on an overarching privacy framework agreement with the United States. The framework agreement, which may be used as a starting point for future negotiations, aims to reduce the amount of time and resources required to prepare new agreements between the European Union and the United States.

According to a spokesperson at the European Commission, the publication of the proposal for the review of the EU Data Protection Directive (95/46/EC) has been postponed until late February or March 2012. The draft proposal was scheduled to be officially released in late January after it was leaked in December 2011. According to various sources, the proposal received negative responses from several Directorates-General over the course of the “inter-service consultation,” some of whom have voiced their concern that the proposed new framework would be stricter than the current legal framework and thus may have a negative impact on businesses. For example, parts of the proposal, such as the right to be forgotten, are viewed by some as potentially too burdensome for companies.

Shortly before Viviane Reding, Vice-President of the European Commission and Commissioner for Justice, Fundamental Rights and Citizenship, gave her keynote address on binding corporate rules (“BCRs”) at the IAPP Europe Data Protection Congress in Paris, Hunton & Williams co-authored two articles on BCRs with the French Data Protection Authority (“CNIL”):

In early December 2011, drafts of two legal instruments prepared by DG Justice of the European Commission to reform the EU data protection framework entered interservice consultation. This process will give other Directorates-General of the Commission the opportunity to comment on the drafts before they are formally released as legislative proposals; accordingly, changes to the drafts are likely. Following this comment period, the drafts will enter the EU legislative process, which is likely to take at least two to three years before they become law. It is believed that Justice Commissioner and Commission Vice-President Viviane Reding will formally announce final versions of the drafts at an appearance at the World Economic Forum in late January 2012.

On November 29, 2011, at the International Association of Privacy Professionals (“IAPP”) Europe Data Protection Congress in Paris, France, Viviane Reding, Vice President of the European Commission and Commissioner for Justice, Fundamental Rights and Citizenship, provided insight into details of the proposals for the revised EU data protection framework. She focused explicitly on solutions for international data transfers, promoting Binding Corporate Rules ("BCRs") as a solution that can offer a simplified, yet comprehensive, structure for safeguarding international flows of data. Commissioner Reding referred to BCRs as offering the possibility of consistent enforcement and legal certainty, without stifling innovation.

Speaking at the British Bankers’ Association’s Data Protection and Privacy Conference in London on June 20, 2011, Viviane Reding, Vice President of the European Commission and Commissioner for Justice, Fundamental Rights and Citizenship, signaled her intention to streamline data protection to “simplify the regulatory environment” and “substantially reduce the administrative burden” for businesses.  In return, Reding expects businesses to ensure “safe and transparent digital products and services.”

On March 16, 2011, a meeting of the “European Privacy Platform” group of the European Parliament was held in Brussels.  The meeting provided important insights into the likely structure and content of proposed revisions to the European Data Protection Directive 95/46/EC that the European Commission has been working on for the past several months.

On January 11, 2011, Michelle O’Neill, U.S. Department of Commerce Deputy Under Secretary for International Trade, held a briefing on her November 2010 meetings in Brussels with European data protection authorities.  She discussed a data protection and privacy forum that was convened in November at which she met with several high-level European regulators, including Jacob Kohnstamm, Viviane Reding and Peter Hustinx.  O’Neill mentioned “the right to be forgotten” as a current hot-button issue in Europe.  Commissioner Reding, who is firmly in charge of the reconsideration of the EU Data Protection Directive, focused on ensuring easier compliance with EU data protection rules and greater harmonization among Member States.  O’Neill stated that Peter Hustinx was encouraged by the work ongoing in the United States, including the “Green Paper” issued by the Department of Commerce.  He considers the various U.S. efforts a basis for further dialogue with U.S. authorities.  O’Neill noted that comments to the EU consultation are due January 15, 2011.  The Department of Commerce intends to file a response.

In a letter to the U.S. Federal Trade Commission dated May 26, 2010, the Article 29 Working Party expressed concerns regarding the retention and anonymization policies of Google, Yahoo! and Microsoft.  Specifically, the Working Party requested that the FTC examine the compatibility of the three search engine providers’ actions with provisions of Section 5 of the FTC Act which prohibits unfair or deceptive trade practices.

On January 12, 2010, Ms. Viviane Reding, Commissioner-designate for Justice, Fundamental Rights and Citizenship, was questioned during a public hearing before the European Parliament.  During this hearing, Ms. Reding revealed her priorities in the field of privacy and data protection.  “Fundamental rights and data protection will be top of the line” said Ms. Reding, who explained that she intends to incorporate the EU’s data protection rules into a modern and comprehensive legal instrument.