September update on draft EU Data Protection Regulation | DMA

Filter By

Show All
X

Connect to

X

September update on draft EU Data Protection Regulation

Legal header

The Ministerial reshuffle earlier this month sees Helen Grant MP replace Lord McNally as data minister at the Ministry of Justice (MoJ). Meanwhile in Brussels, the Committee on Civil Liberties, Justice and Home Affairs (LIBE) is in the process of drafting its report on the proposed EU Data Protection Regulation.

The UK is pushing for a Directive rather than a Regulation, which would give Member States more leeway in the transposition to national law. The ICO has revealed that complying with the Regulation in its present form would require a 187% increase in ICO resources. Here’s an update on key developments here in the UK and in Brussels.

The UK

New data minister
A change in responsibilities at the Ministry of Justice (MoJ) following the Ministerial reshuffle in early September sees a new data minister appointed. Lord McNally remains as a Minister at the MoJ, but responsibility for data protection policy is being transferred to his new colleague, Helen Grant, who has been appointed Parliamentary Under-Secretary of State at the MoJ. She is the Conservative MP for Maidstone and the Weald, elected in 2010. Aged 51, this is her first ministerial job: before entering Parliament she was a practising solicitor.

UK data group
This group of advertisers and marketers, organised under the umbrella of the Advertising Association, is chaired by the DMA. They met in early September to discuss plans for the Ministerial Roundtable taking place on 23 October. The roundtable will focus on raising industry concerns about the definition of personal data and the consent requirements in the draft Regulation. The Group has also prepared some proposed amendments to the text of the Draft Regulation, which will be used to set out our position with UK Government and to influence MEPs.

The collective lobbying will focus on the definition of personal data; profiling; consent; the impact on SMEs; and compliance costs. The Group is also mapping contacts with key individuals in the EU Council and Parliament, to share intelligence and coordinate lobbying activity.

Commons Justice Select Committee
The Justice Select Committee is undertaking a short inquiry into the proposed Data Protection Regulation (as well as the Directive). Microsoft and FSB, the ICO, Which? and Privacy International, the Commission, and Lord McNally have all been witnesses at the three oral evidence sessions, which have taken place. The DMA submitted evidence to the Committee.

The Committee’s questions have focused on bureaucratic burdens, the benefits of harmonisation and the right to be forgotten. The ICO revealed in its session that a minimum cost for compliance with the Regulations requirements would require a 187% increase in ICO resources. The ICO was also concerned that if it lost discretion as to whether or not fine in the text of the Regulation, it would only be able to punish organisations for breaches, and not advise and assist as it currently does.

When the Minister, Lord McNally, appeared before the Committee, he emphasised that the UK Government wanted to see “a lighter touch” and “a more flexible system that could give the benefits of harmonisation without over-bureaucratising and over-burdening business… something that doesn’t impede entrepreneurship by either large or small companies but does get the balance right in terms of protecting the privacy of the citizen.” His officials said that that they did not think the Commission’s estimated savings for businesses in Europe were reasonable or achievable.

The Committee has now finished taking oral evidence and will be producing its Report in October.

MoJ data protection advisory panel
The DMA has been invited by the Ministry of Justice to join its new Data Protection Advisory Panel to discuss and advise on the proposed Regulation. The Group’s membership will comprise senior figures representing a wide range of interests in data protection across business, consumer interest and rights groups.

In Brussels

Council of Ministers Working Group
The Working Group on Information Exchange and Data Protection (DAPIX) in the European Council met at the beginning of September and will meet again on 25-26 September. There are another four meetings scheduled until the end of the year. To this point, DAPIX has managed to read through the first 27 of 91 Articles of the Regulation. Initial reports indicate that the UK Government (and other Member States) is taking a fairly positive and business-friendly stance. Many object to the amount of delegated legislation proposed by the Commission, finding their approach too prescriptive and possibly counter-productive to their stated aims. The UK is pushing for a Directive rather than a Regulation, which would give Member States more leeway in the transposition to national law.

Additionally, the Justice and Home Affairs Council will discuss the proposed Regulation on 6-7 December. The Cypriot Presidency still seems very keen on entering early dialogues with the Parliament in order to reach preliminary agreements on the articles that have been discussed in the Council. FEDMA will be meeting with a Cypriot DAPIX representative on 3 October to seek an update on the current state of play, particularly with respect to the discussions on the definition of personal data and the consent requirements.

European Parliament
The European Parliament has now returned from recess. The Committee on Civil Liberties, Justice and Home Affairs (LIBE) – which is responsible for drafting the Parliament’s response to the draft Regulation – is in the process of drafting their report on the proposed legislation. This is likely to be published in December, with amendments to the text in December/January and the Committee stage from January to April 2013.

Four other Committees will also be producing Opinions on the proposal, and the DMA, FEDMA and the Advertising Association are currently arranging meetings with the key individuals in these Committees. The Irish MEP Sean Kelly, the Rapporteur for the draft opinion of the Committee on Industry, Research and Energy (ITRE) has said that he would look into facilitating an industry-focused workshop in Parliament that would centre on the issues of the definition of personal data and consent requirements.

CBI delegation on proposed regulation
The DMA participated in an event which the CBI organised in the European Parliament on 19 September, to discuss the impact of the proposals on the UK with Members of the European Parliament (MEPs), the Ministry of Justice and the ICO. There are a number of key areas where MEPs are willing to consider amendments.

These include the time in which data security breaches have to be notified to national data protection authorities, the prescriptive nature of the clauses dealing with penalties/fines for breaches of the Regulation, the requirement to obtain consent each time, the ‘right to be forgotten, and issues around the proportionality of processing and the use of personal information.

Following the briefing in the Parliament, there was an opportunity to discuss the data protection proposals with Francoise Le Bail, Director General of DG Justice, European Commission. Both meetings were positive. The CBI says that it will “continue to highlight that a revision of the current framework is welcome, but more work needs to be done to avoid creating headaches for consumers and businesses alike”.

Contact Caroline Robberts, 020 7291 3346

Hear more from the DMA

Related Articles

A new government brings new legislation, and in the world of marketing, data protection is always on the front line. We dissect the implications of these legislative changes, providing you with insights to navigate this regulatory landscape.

what uk marketers need to know DMA.png

This article is written by MBA Group Ltd.

priscilla-du-preez-tAnrp8P51tY-unsplash.jpg

As abandoned baskets reach the highest levels in a decade, how can you make sure your customers successfully checkout?

hero-man-thinking-about-making-a-purchase.webp

Businesses must be ethical in their telemarketing practices to protect customers from unwanted, intrusive, or deceptive calls, ensuring their privacy and well-being are respected. Read how

Depositphotos_718680692_S.jpg