The European Commission’s Data Protection Reform Proposal came under fire in a just-issued report by the UK House of Commons Justice Committee that called the proposed Regulation “overly prescriptive” and lacking “flexibility or discretion” for data controllers and regulators. While The UK Justice Committee report concludes that a Regulation is necessary in order to update the 1995 Directive, and to account for the rapidly changing technological environment and address individuals’ rights, it does not believe that the current proposal is “proportionate, practicable, affordable or am effective system of data protection in the EU.”
EU Justice Commissioner Viviane Reding recently responded to similar criticism from Member States by outlining three key areas where flexibility could be added to the Commission’s existing draft data protection reform. Commissioner Reding’s announcement came during the Justice Council Meeting on October 26, 2012 in Luxemburg, several days before the EU Justice Committee released its report.
First, the Commissioner highlighted the reform’s intention to further reduce administrative burdens on companies and asserted the potential to broaden SME exemptions by taking an approach that accounts for the amount and sensitivity of the data processed.
Second, the Commissioner conceded that the delegated and implementing acts foreseen by the Regulation should be reviewed “one by one” and limited to cases in which they are “truly necessary.” However, Citing that Delegated and implementing acts are necessary in certain circumstances, Commissioner Reding proposed three specific review criteria that should determine each case. The Commissioner believes these criteria could lead to a reduction of Commission empowerment by 40%: (1) “need to avoid fragmentation”, (2) “the need to supplement rather than amend the regulation”, and (3) “maintaining the technologically neutral character of law.”
Third, the Commissioner acknowledged that specific rules for public sector data processing are necessary in some cases; and that the Commission is willing to introduce more legislative flexibility on this point. However, Commissioner Reding believes that this necessary flexibility can and should be achieved through regulation and asserts that the Commission’s draft “already foresees 20 cases in which specific rules are adapted to the public sector.”
It is unclear how the UK Justice Committee’s report, which largely calls for the Draft Data Protection Reform to be re-written, will affect current discussions in the EU Parliament and Council.