Originally scheduled to take place in April, the European Parliament's Committee on Civil Liberties, Justice and Home Affairs (LIBE) is now set to vote on the General Data Protection Regulation in October. This article provides a brief update on the events which have hindered the file's progress and the current state of legislative deliberation.
Progress to date
Following the publication of the European Commission's proposals to revise and update the EU's data protection framework in January, Rapporteur for the lead LIBE Committee, MEP Jan Philipp Albrecht (Greens/EFA, Germany), embarked upon an ambitious legislative schedule, seeking to finalise the legislation by the end of the current Parliamentary term. However, the file has proved to be highly controversial and, following the publication of the draft report, over 3000 amendments have been submitted. Furthermore, intense debate between individual MEPs has been reported, in particular between Rapporteur Albrecht and MEP Sarah Ludford (ALDE, UK), who exchanged heated remarks following an interview with Albrecht published in the EU Observer.PRISM and data protection
The progress of the General Data Protection Regulation (GDPR) has also been slowed by the emergence of the PRISM scandal, in which the sensitive data of EU citizens and residents appears to have been monitored by United States intelligence services. This has not related directly to health (although the exact scope of the types of data accessed remains unclear) but it has highlighted the limits and loopholes of the current legal framework and prompted a focus on the relevant elements of the current proposals. Some MEPs have been calling for a reinstatement of an Article 42 provision on 'anti-snooping' and the debate on cooperation between private sector organisations and law enforcement continues.Draft report of Council
On 31 May 2013 the Irish Presidency of the Council of the EU published a note and a draft report, amending the Commission proposals in accordance with Council discussions and member state positions at this stage. Most notably, it lists eight delegations who retain a reservation on the legal form of the proposal, preferring a Directive to a Regulation. It also changes the focus of the text, taking a more risk-based approach. Of importance for health stakeholders, the Council text adds a provision in Article 4(2a) defining pseudonymous data as a sub-category of personal data and therefore providing less stringent controls over certain data usage. It also substitutes the term 'unambiguous' for 'explicit' in the consent provisions, whilst retaining the latter for special categories of data identified in Article 9, which includes health data.
Next steps
The trialogue discussions are likely to begin in the next few weeks, seeking to iron out some of the disagreements and conflicts between the amendments, and the LIBE Committee vote is now planned for October 2013.
EPHA related articles:
[EPHA Briefing] General Data Protection Regulation
EPHA position on General Data Protection Regulation
European Parliament Civil Liberties Committee discusses amendments to the General Data Protection Regulation (GDPR)
[Special Summary] EU General Data Protection Regulation and Health Research