The Proposed EU Data Protection Regulation One Year Later: The Albrecht Report

Originally published in "Privacy & Security Law Report" January 21, 2013.

One year ago (Jan. 25, 2012), the European Commission published its proposal to reform the European Union’s (EU) legal framework for data protection. The proposal includes two different legal instruments: a General Data Protection Regulation covering data processing by the private sector and public authorities (the Regulation), and a General Data Protection Directive applicable to law enforcement (the Directive). In ambition, scope, and size, the Regulation is the largest and most complex piece of data protection legislation ever proposed. The proposal was just the first step in a complicated, multiyear process that must still clear many hurdles before it is completed. On Jan. 8, the main rapporteur for the Regulation in the EU Parliament, German Green Member of the European Parliament (MEP) Jan Philipp Albrecht, issued a draft report (the Albrecht Report or the Report) on the Regulation for the Parliament’s Committee on Civil Liberties, Justice and Home Affairs (the LIBE Committee) that raises many questions about the proposal’s future direction, and its implications for the private sector. The Albrecht Report proposes substantive amendments to the Regulation, and its issuance provides a good opportunity to evaluate some of the data protection issues at stake, and to take stock of the progress of the reform proposals thus far (the discussion herein will be limited to the Regulation).

The substance of the Regulation has already been described in detail, and we will thus not go into it here. Following its publication, the sheer size and scope of the proposal seems to have stunned most observers into silence, as they began reviewing it in detail. Many stakeholders in both the private and public sectors then began to issue papers reacting to the proposal. Once issued, the Regulation entered into the EU ordinary legislative procedure. Most observers believe that the procedure will take at least two years to complete, with others being more pessimistic (one high-level representative of a member state government has stated that it may take up to 10 years!). EU Commission Vice- President Viviane Reding, who is in charge of the data protection reform for the EU Commission, is known to be keen on the procedure being completed in time for the next EU parliamentary elections in June 2014.

Please see full article below for more information.

LOADING PDF: If there are any problems, click here to download the file.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Wilson Sonsini Goodrich & Rosati | Attorney Advertising

Written by:


Wilson Sonsini Goodrich & Rosati on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.