EU Issues Overview – 9 – 15 April 2016 Thumbnail
Newsletters 18 April 2016

EU Issues Overview – 9 – 15 April 2016

Data protection

EU: The General Data Protection Regulation has reached final approval after five years underway

  • On 14 April, Members of the European Parliament approve the General Data Protection Regulation (GDPR), which had been in negotiations over the last four years. Jan Philipp Albrecht (DE, Greens), main rapporteur on the file, stated that in his opinion, this adoption is a huge step forward for the European Union and fundamental rights in the EU […] and will help Europe’s digital market grow and maybe even dominate global data protection issues. Figures revealed that the GDPR has been the piece of legislation since the beginning of the European Union with the highest number of amendments in the European Parliament, amounting to 3,999. 
  • Two days before the full plenary vote, the GDPR was voted in Committee, 50 votes in favour to 3 votes against, with only one abstention in the Civil Liberties, Justice and Home Affairs Committee. Late Friday 8 April, the Council had put their stamp of approval to the GDPR. 
  • The Regulation must be implemented by national authorities by mid-2018, when Data Protection Authorities will begin to scrutinize companies for compliance, who could face fines up to 20 million euros, or 4 percent of their global sales for breach of the new rules.

EU: Stakeholders urge for good enforcement and alignment of the General Data Protection Regulation

  • With the approval of the General Data Protection Regulation by the European Parliament on 14 April (GDPR), the European Commission has now started the evaluation and review of the ePrivacy Directive, and lunched a public consultation on 11 April. The European Commission have announced a legislative proposal for December 2016. 
  • Stakeholders are pushing for a quick reform of the e-privacy rules, which have become outdated with the extension of the scope of the GDPR to new players such as internet providers, online services and intermediaries. 
  • In the meantime, stakeholders are being wary about how national privacy watchdogs will translate the General Data Protection Regulation into national law, despite its direct implementing nature as a regulation. In fact, important clauses of the regulation have either been left open to each Member State, such as the age threshold which ranges between 13 and 16 years old, and other clauses the European Commission will need to draft into delegated and implementing acts, such as the decisions on the so-called adequacy of privacy laws of non-EU countries.

EU: Article 29 Working Party gives a balanced assessment of the EU-US Privacy Shield

  • On 13 April, the EU’s Article 29 Working Party (WP29), representing the European Data Protection Authorities (DPA), published its long-awaited opinion on the proposed EU-US Privacy Shield draft adequacy decision. The WP29 welcomed the significant improvements contained in the Privacy Shield as a positive step forward, however deemed it unnecessarily complex, still lacking clarify with certain terms used inconsistently. Isabelle Falque-Pierrotin, Chair of the French data protection authority (CNIL), urged the Commission to identify appropriate solutions to existing concerns and provide clarifications to improve the draft adequacy decision and ensure equal levels of protection in the US and the EU, although not being a binding opinion. 
  • On the commercial aspects, the WP29 have specifically criticized that some key EU data protection principles are not sufficiently reflected in the Privacy Shield or have been “inadequately substituted by alternative notions”. Other concerns are that the recourse mechanisms available to EU data subjects are deemed too complex, i.e. national data protection authorities should be data subjects’ first contact point. 
  • In terms of national security guarantees, the WP29 warned against insufficient guarantees to ensure that the ombudsperson, currently Catherine Novelli, is fully independent. Falque-Pierrotin explained that the Privacy Shield does not have enough security guarantees in the status of the ‘[person],’ The fact that the Privacy Shield allows for six broadly defined exemptions of bulk data collection also poses a risk for citizens’ privacy.
  • The WP29 concluded that it has not been provided with enough information to carry out a full assessment on the accessibility, necessity and proportionality of the US rules governing law enforcement access to data and the availability of effective remedies to data subjects.

EU: The EU-US Privacy Shield under tight timeline to include comments of Working Party 29

  • The European Commissioner for Justice, Consumers, and Gender Equality, Věra Jourová, in reaction to the opinion, stated that the Commission will work to include the recommendations raised by the Working Party, and plans to do so before the Article 31 Committee meetings, comprising member state representatives, and scheduled on 29 April and 19 May. The Committee’s vote is expected to take place during the May meeting.
  • According to Commissioner Věra Jourová, the Commission is still aiming to adopt the Privacy Shield adequacy decision by June 2016.

US: Americans split between strong critics and endorsement of the EU-US Privacy Shield and its Opinion

  • American stakeholders on the other hand were more cautious to the developments of the EU-US Privacy Shield agreement. Amongst the stakeholders, the Information Technology and Innovation Foundation voiced its opinion that future improvements to the Privacy Shield will not necessarily entail an immediate agreement. 
  • Reporting on the Opinion of the Article 29 Working Party, American newspapers such as the NY Times and Bloomberg also gave a less encouraging picture of the situation. However, as one of the first major endorsement of the EU-US Privacy Shield, John Frank, Vice President of EU Government Affairs of U.S. company Microsoft, pledged to commit to the agreement and encouraged other companies to commit.

Online platforms

UK: House of Lords with publish results from inquiry into Online Platforms on 20 April

  • On 20 April, after a couple of month underway, the House of Lords’ sub-committee on the Internal Market, chaired by Lord Whitty, will launch its results of the inquiry into Online Platforms and the Digital Single Market. On the day of the results, TechUK is organising an ev ent around the various European inquiries into online platforms. 
  • The results come in the run up of the European Commission’s own review into the role of online platforms. On 12 April, Vice-President Andrus Ansip gave a first understanding of the European Commission’s position on online platforms on his twitter account, expressing that their political approach to platforms in Europe is problem-driven, and not horizontal. Earlier that day, he had already confirmed to keep the principle of keeping the safe haven provision intact.


EU: The Directive on Passenger Name Record approved in the European Parliament

  • On 14 April, in parallel to the vote on the General Data Protection Regulation, Members of the European Parliament also approved a controversial data protection directive, namely the Passenger Name Record Directive (PNR). It was approved by 461 in favour to 179 against, and 9 abstentions.  Prior to the vote, French Prime Minister Manuel Valls decided to speak at the European Parliament to ensure the adoption of the Directive. 
  • During negotiations the PNR Directive was targeted and criticised by many national privacy watchdogs as a breach of privacy, and a seized opportunity by many Member States to increase their security measures and responsibilities. The Brussels terrorist attacks which caused 32 deceased led policymakers to speed up the process.

Related articles

Newsletters 3 April 2020

Kilima: Highlights from ISOC Africa – March 2020

Africa Regional Bureau Newsletter for March 2020

Newsletters 3 February 2020

Kilima: Highlights from ISOC Africa – January 2020

Africa Regional Bureau Newsletter for January 2020

Newsletters 12 December 2019

Kilima: Highlights from ISOC Africa – November 2019

Africa Regional Bureau Newsletter for November 2019