Following a meeting of the European Council in Brussels last week, there has been widespread speculation that the implementation date for the new EU Data Protection Regulation will be delayed until 2015. This is based on a paper published by the European Council on 25 October 2013 in which reference was made to the “timely adoption of the strong EU General Data Protection framework and the Cyber-security Directive” to be “essential for the completion of the Digital Single Market by 2015”. Previously, it was widely expected that agreement would be reached on the revised data protection legislation by spring 2014 (the date of elections to the European Parliament).
Whether such comment speculating on potential delay is justified remains to be seen. What is clear is that the UK Government has had some success in lobbying and arguing that the implementation of the Regulation in its current form may harm the interests of business. In addition, the European Parliament’s Civil Liberties, Justice and Home Affairs (LIBE) Committee has put forward a compromise text on the Regulation. LIBE’s proposed text introduces some significant amendments, such as revisions to the right to be forgotten (now renamed as the “right to erasure”) and the right of data controllers to profile data subjects on the basis of the data they hold about them. The LIBE amended text also features an increase in the maximum fine to be imposed on businesses in breach of the new Regulation, from 2% to 5% of annual worldwide turnover.
Much of the detail is yet to be agreed, but it is not out of the question that agreement could still be reached by spring 2014. We will keep an eye on developments and update as the likely timetable becomes clearer.