The EU Data Protection Regulation: timing

As we’re all aware the new Data Protection Regulation (the Regulation) was announced to much bombast a little over a year ago.  Of particular note was the aggressive timeframe for agreement and adoption that Viviane Reding was pressing.

Following on from our post below, and with today’s deadline for MEPs to propose further amendments to the draft report of the Committee on Civil Liberties, Justice and Home Affairs (LIBE) – the lead review committee, it seemed an appropriate opportunity to check where we are in the process and briefly review the factors that will determine the Regulation’s passage into law, including the chances of its adoption ahead of the European Parliament’s re-election in June 2014. 

Recent Developments

In June last year, rapporteur for LIBE, Jan Philipp Albrecht, issued a timetable that listed the key events in the process of enacting.  The following points should be noted:

  • in his timeline, the LIBE draft report’s publication was November 2012.  This was delayed until 17 December;
  • as a result, the deadline for tabling amendments to this report was pushed back from December 2012 to 27 February 2013;
  • given these delays, the Regulation’s readiness for “Trilogue” (i.e. the meetings of the European Commission, Council and Parliament, where final agreement on the wording is reached), originally pencilled in for Summer 2013, would seem likely to be delayed until Autumn 2013 at the earliest. 

This would seem to make any vote in plenary (i.e. vote to adopt the Regulation following the trilogue discussions) before the start of 2014 unlikely.

Even these timelines will only remain on track if the remaining stages in the committee review process aren’t delayed any further.  There is a discussion of the amendments to the report in LIBE Committee; a discussion with the four other committees reviewing the Regulation; and then the orientation vote of the LIBE Committee

If these stages are subject to further delay, there may be a limited window in which to schedule adoption before MEPs focus on their re-election campaigns from spring 2014. 

If a vote in plenary is achieved in time (and assuming the two-year implementation period for implementation is retained) it may be that the Regulation could be in force by early 2016.   However, if this shrinking window is missed, and adoption of the Regulation is pushed back until after re-election, implementation may not be finalised until around 2018. 

Ireland to the rescue?

At this point, it is difficult to assess whether the draft’s Regulation’s progress will be subject to further delays. 

However, a glimmer of hope for the Regulation’s swift progress is Ireland’s position as President of the European Council until 30 June 2013 which may give momentum to the process. 

With its cool climate, technological infrastructure and government initiatives, Ireland is fast becoming a key hub in Europe for data centres.  Over 25 leading technology multinationals (including Microsoft, IBM, Google, Intel, Twitter Amazon, Yahoo!, EMC2, BT, HP and Vodafone) have databases and operations in Ireland.  This puts it in a unique position to lead negotiations on the Regulation, much of which will be undertaken by the European Council over the next few months. 

If they prioritise the Regulation, and keep the process on schedule, a final vote before June next year may well be achievable.

Simon Elliott

About Simon Elliott

Simon focuses on advising multinational corporates on a wide range of data protection and technology law issues.

Full bio