The Proposed EU Data Protection Regulation One Year Later: The Albrecht Report

Originally published in "Privacy & Security Law Report" January 21, 2013.

One year ago (Jan. 25, 2012), the European Commission published its proposal to reform the European Union’s (EU) legal framework for data protection. The proposal includes two different legal instruments: a General Data Protection Regulation covering data processing by the private sector and public authorities (the Regulation), and a General Data Protection Directive applicable to law enforcement (the Directive). In ambition, scope, and size, the Regulation is the largest and most complex piece of data protection legislation ever proposed. The proposal was just the first step in a complicated, multiyear process that must still clear many hurdles before it is completed. On Jan. 8, the main rapporteur for the Regulation in the EU Parliament, German Green Member of the European Parliament (MEP) Jan Philipp Albrecht, issued a draft report (the Albrecht Report or the Report) on the Regulation for the Parliament’s Committee on Civil Liberties, Justice and Home Affairs (the LIBE Committee) that raises many questions about the proposal’s future direction, and its implications for the private sector. The Albrecht Report proposes substantive amendments to the Regulation, and its issuance provides a good opportunity to evaluate some of the data protection issues at stake, and to take stock of the progress of the reform proposals thus far (the discussion herein will be limited to the Regulation).

The substance of the Regulation has already been described in detail, and we will thus not go into it here. Following its publication, the sheer size and scope of the proposal seems to have stunned most observers into silence, as they began reviewing it in detail. Many stakeholders in both the private and public sectors then began to issue papers reacting to the proposal. Once issued, the Regulation entered into the EU ordinary legislative procedure. Most observers believe that the procedure will take at least two years to complete, with others being more pessimistic (one high-level representative of a member state government has stated that it may take up to 10 years!). EU Commission Vice- President Viviane Reding, who is in charge of the data protection reform for the EU Commission, is known to be keen on the procedure being completed in time for the next EU parliamentary elections in June 2014.

Please see full article below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Written by:

Published In:


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Wilson Sonsini Goodrich & Rosati | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.