Data Protection: Legislative Procedure

From La Quadrature du Net
Revision as of 17:46, 6 February 2013 by Arthur (talk | contribs) (Created page with "This page lists the EU Parliament committees' opinion regarding the [ General Data Prote...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

This page lists the EU Parliament committees' opinion regarding the General Data Protection Regulation proposed by the Commission.



Three amendments (1) were aimed to prevent children from being subject to profiling, but they fell as the Compromised Amendment 9 (2) was voted by the ALDE, EPP, ECR and EFD. This compromised amendment completely undermines Article 20, to the point that this article cannot prevent any form of profiling anymore, but merely prohibits unfair and discriminatory decisions based on automated process of personal data. It is such a change that  the article 20 even switches its title from ‘profiling’ to ‘automated process’ (290).

1: IMCO draft opinion: amendment 293 proposed by Schaldemose, Hedth, Stihler (S&D); amendment 298 proposed by Corazza (EPP); amendment 313 proposed Engström (Greens).

2: Compromised amendment based on amendments 290, 294 and 295 proposed by Harbour and Bielan (ECR) in IMCO draft opinion.

However, amendment 233 proposed by Engström (Greens) still sets a right to object to profiling, defined by

Data breach notification

Compromised amendment 10 (3)  limits controllers’ obligation to notify to the breaches of significant effect and dismisses their obligation to notify within a 24 hours delay.

3: Based on Amendment 358 proposed by Schwab and Trzaskowski (EPP) and Voted by ALDE, EPP, ECR and EFD.


One of the major features of the Commission's Proposal Regulation is to require from the data subject a consent which is specific, informed and explicit. Requiring an explicit consent appears to be the most effective way to safeguard privacy. But the only amendment IMCO voted about consent was to redefine it as having to be given 'as explicit as possible according to the context', giving processors countless ways not to seek data subject's explicit consent.

Right to be forgotten and to erasure

Compromised amendment 8 (4) provides that a controller doesn't have to take all reasonable steps to inform third parties that a data subject has requested them to erase the data they hold where this data subject gave his consent to this controller to make these data public.

4: voted by Greens, S&D, ALDE, EPP, ECR, EFD


Compromised amendment 5 (5) provides that anonymous data (which cannot be attributed to anyone) are set out the scope of the regulation.

5: voted by Greens, S&D, ALDE, EPP, ECR, EFD