ANALYSIS: The EU Council’s Conclusions on the Commission’s Communication on Revising EU Data Protection Law — Why Did They Bother?
By Andrew Hobson, of Reynolds Porter Chamberlain LLP, London.
The super tanker that is the European Union legislative process is currently trying to turn itself round with a view to revising data protection law. The current Data Protection Directive (95/46/EC) dates back to 1995. It was, of course, prepared much earlier and reflects the state of technology in the late 1980s and the dawn of the 1990s, rather than today’s Facebook and cloud computing world. The Privacy and Electronic Communications Directive (2002/58/EC) is, of course, more recent, but its effect is that data protection legislation is becoming gradually fragmented.
The implementation of the 1995 Directive has followed very different paths in different EU Member States. Some regimes, for instance, the United Kingdom’s, are fairly relaxed, while others, such as the French and German regimes, are much more prescriptive.
The review process kicked off in November 2010 with a Communication from the European Commission to the European Parliament and the Council entitled “A comprehensive approach on personal data protection in the European Union”. At the end of February 2011, the Justice and Home Affairs Council (meeting for the 3,071st time) adopted a short six page paper (apparently a press release) setting out its “conclusions” in response to the Commission’s Communication.
The Council paper is not an easy read, consisting of 17 paragraphs of rather disjointed preamble followed by a further 26 paragraphs of what essentially amount to the Council’s suggestions to the Commission about the next stage of the process.
It is interesting to note that the data protection principles enshrined in the UK Data Protection Act 1998 are now considered “time honoured”…