Data Protection: Legislative Procedure
This page lists the EU Parliament committees' opinion regarding the General Data Protection Regulation proposed by the Commission.
Sommaire
Understanding Compromised Amendments
On 25 January 2012, the European Commission issued a proposal for a Regulation on Data Protection, aimed to repeal the 1995 Directive on Personal Data Protection and to offer better protection to data subjects. The European Parliament LIBE committee was chosen to propose, on 24 and 25 April, the amendments that will be added to the proposal. Then, the Parliament will vote the Regulation with its amendments on plenary later this year.
Until then, four other committees will assist LIBE by issuing their own opinion on the amendments they think wise to propose. On 23 January 2012, IMCO, the first committee to be solicited, issued its opinion. On 21 February, ITRE and JURY will issue theirs and JURI will finally issue its on 18-19 March.
For instance, ITRE members has already proposed almost a thousand amendments. On 21 February, ITRE will have to vote whether to incorporate each one of them into its final opinion or not - which would take an unnecessarily high amount of time and effort. Thus, several amendments being often aimed to modify the same article of the Regulation, committee's members can avoid to vote multiple times on the same issues by gathering these amendments around a single « compromised amendment » - that will only be voted once and, if voted, make the other amendments being automatically rejected.
As such, a compromised amendment's main purpose could seem to be to shorten the debate's duration. But the amendments that can be rejected because of its vote may have actually matter, as some of them may provide some unique approaches on critical issues. Thus, compromised amendments could easily be used to water down such approaches and to promote others and must be observed as such. Finally, their content having been negotiated by the whole committee, compromised amendments may provide some clues on the major amendments it will ultimately vote.
IMCO
Profiling
Three amendments Erreur de référence : Balise <ref> incorrecte ;
le nom ne peut être un entier simple. Utilisez un titre descriptif were aimed to prevent children from being subject to profiling, but they fell as the Compromised Amendment 9 Erreur de référence : Balise <ref> incorrecte ;
le nom ne peut être un entier simple. Utilisez un titre descriptif. This compromised amendment completely undermines Article 20, to the point that this article cannot prevent any form of profiling anymore, but merely prohibits unfair and discriminatory decisions based on automated process of personal data.
It is such a change that the article 20 even switches its title from ‘profiling’ to ‘automated process’.
However, amendment 233 proposed by Engström (Greens) still sets a right to object to profiling.
Data breach notification
Compromised amendment 10 Erreur de référence : Balise <ref> incorrecte ;
le nom ne peut être un entier simple. Utilisez un titre descriptif limits controllers’ obligation to notify to the breaches of significant effect and dismisses their obligation to notify within a 24 hours delay.
Consent
One of the major features of the Commission's Proposal Regulation is to require from the data subject a consent which is specific, informed and explicit. Requiring an explicit consent appears to be the most effective way to safeguard privacy. But the only amendment IMCO voted about consent was to redefine it as having to be given 'as explicit as possible according to the context', giving processors countless ways not to seek data subject's explicit consent.
Right to be forgotten and to erasure
Compromised amendment 8 (voted by Greens, S&D, ALDE, EPP, ECR, EFD) provides that a controller doesn't have to take all reasonable steps to inform third parties that a data subject has requested them to erase the data they hold where this data subject gave his consent to this controller to make these data public.
Anonymity
Compromised amendment 5 (voted by Greens, S&D, ALDE, EPP, ECR, EFD) provides that anonymous data (which cannot be attributed to anyone) are set out the scope of the regulation.
