EU Council's Presidency submits draft compromise text on proposed EU Data Protection Regulation | Practical Law

EU Council's Presidency submits draft compromise text on proposed EU Data Protection Regulation | Practical Law

The EU Council's Presidency has submitted draft compromise text on the proposed EU Data Protection Regulation.

EU Council's Presidency submits draft compromise text on proposed EU Data Protection Regulation

by Practical Law IPIT & Communications
Published on 06 Jun 2013European Union
The EU Council's Presidency has submitted draft compromise text on the proposed EU Data Protection Regulation.
The EU Council's Presidency has submitted draft compromise text of Chapters I to IV of the proposed EU Data Protection Regulation for consideration by delegations. It noted that agreement on these chapters could not be finalised until agreement has been reached on the proposed Regulation as a whole. We will be updating our Practice note, EU data protection regime proposals: analysis and noter-up to include an analysis of this text and this will appear in one our future e-mails. However, a selection of points to note includes:
  • A definition of pseudonymous data has been added and used to calibrate controllers' and processors' obligations in certain cases. A recital has been introduced to clarify the meaning of anonymous information to which the data protection principles do not apply.
  • Unambiguous has been substituted for explicit in the case of processing of personal data (other than sensitive data) on the ground of consent.
  • The controller's obligations in connection with data security and the right to be forgotten take account of available technology and the cost of implementation.
  • The general compliance obligation on controllers has been qualified in terms of various factors including risk.
  • The scope, nature and timing of the data controller's security breach obligations have been recast more favourably and reflect a risk-based approach.
  • The appointment of a data protection officer has been made optional under the proposed text, although it may be made mandatory under separate EU or national law.
  • The code of conduct and certification provisions have been made more detailed and empower the Commission to introduce a European Data Protection Seal by delegated act.
Source: Note from Presidency to Council and Addendum, 31 May 2013.