EU General Data Protection Regulation

In mid-March, the European Parliament voted for the proposed European General Data Protection Regulation. This development ensures that the regulation – which has been in legislative limbo for over two years – remains on the table, even after the parliamentary elections in May.

According to Jan Philipp Albrecht, spokesperson for the regulation:

“I have a clear message to the council: Any further postponement would be irresponsible. The citizens of Europe expect us to deliver a strong EU-wide data protection regulation. If there are some member states which do not want to deliver after two years of negotiations, the majority should go ahead without them.”

The EU Justice Commissioner Viviane Reding also expressed her support for the vote:

“The message the European Parliament is sending is unequivocal: This reform is a necessity and now it is irreversible. [The vote] will make life easier for business and strengthen the protection of our citizens.

Other implications of the vote were raised during a plenary debate. The European Parliament decided to strengthen protections around data transfers of EU citizens’ data to non-EU countries; increase the potential fines to firms in breach of the regulation to €100 million, or 5 percent of global turnover; and ensure EU citizens have a right to be forgotten and to not be profiled.

Currently, the European Parliament is waiting on the Council of the European Union to define its position. Once it does so, both sides will be able to negotiate terms.


According to Monika Kuschewsky, special counsel at Covington & Burling, “The vote sends a strong signal in support of the proposed General Data Protection Regulation to the council, which still has not agreed on a common position. The ball is now in the council’s court.”

In order to become law, the proposed regulation must be adopted by the Council of Ministers using the “ordinary legislative procedure.” On March 4, 2014, ministers met to discuss the reform and “broadly supported the principle that non-European companies, when offering goods and services to European consumers, will have to apply the EU data protection law in full.” The next ministers’ meeting is scheduled for June 2014.

According to European data protection advocate and privacy lawyer Eduardo Ustaran,

“On the whole, the EU Parliament’s text represents a powerful statement in favour of people’s ability to control their own data. The Parliament has carefully refined the data protection rights of individuals by trying at all times to put people in a position of power in terms of the uses made of their data.”

However, there is no real way to predict the trajectory of data protection reform in Europe in the upcoming months. Ustaran commented, “… now it is up to the Council of the EU to soften these provisions with a view to adopting a less stringent law within a year or so from now.”


In early March 2014, the European Parliament overwhelmingly voted in favor of the proposed European General Data Protection Regulation. While the regulation has been in the legislative process for over two years, the results of this vote will ensure that it remains on the table, even after the parliamentary elections in May.

CIPP Exam Preparation

In preparation for the Certified Information Privacy Professional/European Privacy (CIPP/E), a privacy professional should be comfortable with topics related to this post, including:

  • European Parliament (I.B.c.)
  • European data protection – legislative framework (I.C.a.-I.C.e.)

Leave a Reply




You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>