PDF to HTML - Convert PDF files to HTML files

Europaudvalget 2011-12
EUU Alm.del Bilag 581
Offentligt

EUROPEAN PARLIAMENT

Committee on Civil Liberties, Justice and Home Affairs

2009 - 2014

PRELIMINARY DRAFT AGENDA

(Version 1 - 20.07.2012)

INTERPARLIAMENTARY COMMITTEE MEETING

European Parliament - national Parliaments

The reform of the EU Data Protection framework

- Building trust in a digital and global world

Tuesday, 9 October 2012, 9.00-18.30

Wednesday, 10 October 2012, 9.00 – 18.30

European Parliament, Brussels

Organised with the support of the Directorate for Relations with national Parliaments

This is only a preliminary version of the draft agenda subject to further changes.

Version 1 - 23.07.2012

United in diversity

PDF to HTML - Convert PDF files to HTML files

1. General introduction

In the digitalised and global world the way in which personal data are collected,

accessed, used and transferred has been profoundly transformed and become

increasingly sophisticated. New technologies allow for an ever-increasing volume of

personal data. Likewise law enforcement authorities have significantly increased their

processing of personal data activities for the performance of their tasks.

In this challenging environment, the protection of personal data has become an essential

issue of interest as regards the rights of the individual with regard to the protection of

her/his personal data, on one-side, and the question of necessary and proportionate

processing of personal data, by private entities and public authorities, on the other side.

Data protection is a fundamental right enshrined in Article 8 of the Charter of

Fundamental Rights of the European Union, and in Article 16 of the Treaty on the

Functioning of the European Union (TFEU).

In that regard, based on the experience with the current Directive 95/46/EC of the

European Parliament and of the Council of 24 October 1995 on the protection of

individuals with regard to the processing of personal data and on the free movement of

such data (OJ L 281, 23.11.1995, p. 31) and Council Framework Decision 2008/977/JHA

of 27 November 2008 on the protection of personal data processed in the framework of

police and judicial cooperation in criminal matters (OJ L 350, 30.12.2008, p. 60),

as well

as the input of the European Parliament

, the Commission has proposed two new legal

instruments - proposal for a Regulation on the protection of individuals with regard to

the processing of personal data and on the free movement of such data (General Data

Protection Regulation, COM(2012) 11) and proposal for a Directive on the protection of

individuals with regard to the processing of personal data by competent authorities for

the purposes of prevention, investigation, detection or prosecution of criminal offences

or the execution of criminal penalties, and the free movement of such data (Data

Protection Directive, COM(2012)10). Initially the Commission intended to present a

single horizontal instrument.

The two new instruments, if adopted, would substantially

define the EU data protection principles and rules for the following decades. The aim of

the two proposals, as stated by the Commission, is to establish a modern, strong and

consistent legislative framework across Union policies, enhancing individuals' rights,

deepening the Single Market dimension of data protection, cutting red tape for

businesses, and addressing issues posed by transnational flows of personal data.

In that regard the two instruments should, inter alia, end the current fragmentation

through specific national rules (therefore the form of a Regulation for the first proposal),

extend common principles to purely internal data processing situations in the law

enforcement area as well (as regards the Directive), so as to ensure a high level of

See also Commission Communication on safeguarding privacy in a connected world - A European data

protection framework for the 21st century (COM(2012)0009).

Resolution of the European Parliament of 6 July 2011 on a comprehensive approach on personal data

protection in the EU (P7_TA-PROV(2011)0323).

Commission Communication on a comprehensive approach on personal data protection in the European Union

(COM(2010)0609).

2/12

Version 1 - 20.07.2012

PDF to HTML - Convert PDF files to HTML files

protection of the fundamental right of the individual to data protection. As a

consequence trust of individuals in the digital economy and trust of citizens in the

protection of fundamental rights by police and judicial authorities of Member States

would be enhanced, and hence contributing to economic growth and the efficient work

of law enforcement authorities.

2. Main elements of the reform

The main elements of the reform are: - data protection as a fundamental right; -

coverage of all kinds of situations and all kinds of sectors, - technological neutrality of

the legal framework to cover different processing techniques - preventing fragmentation

and providing legal certainty for individuals, enterprises and public entities, - providing

harmonisation for processing of personal data by law enforcement authorities and the

exchange between them, - ensuring the protection of EU individuals where personal

data are transferred to third countries while providing safe and flexible tools for

international data flows.

In that regard the proposed instruments envisage several novelties. The proposal for a

Regulation will introduce the concept of "main establishment", a single law applicable to

data processing of a controller, the so called "one stop shop", the recognition of the right

to be forgotten and the right to portability of personal data, data protection by design

and by default, notification of data breaches, data protection officers, international

transfers based on adequacy decisions or other appropriate safeguards, namely binding

corporate rules, specific rules on data protection authorities with adequate enforcement

powers, a consistency mechanism, sanctions, specific provisions on freedom of

expression or the employment context. The instruments also clarify several provisions

such as the notion of "consent", the provisions on profiling or the exercise of the data

subject's rights. The proposal for a Directive sets out a harmonised framework with a

minimum level of protection which will apply to processing of personal data by law

enforcement authorities both at domestic level and in cases of exchanges of personal

data between Member States' law enforcement authorities.

Such goals and the proposed changes arose a legitimate debate regarding, inter alia,

questions on the appropriateness of the proposals to achieve the mentioned goals, the

relation between general Union law and national specific laws, the inter-linkage of both

legislative instruments especially in cases of law enforcement access to data held by

private companies, proper safeguards as regards international data sharing and onward

transfers, reduction of regulatory/administrative burden and costs for data controllers,

appropriateness and effectiveness of sanctions, clarifications on “profiling”, "legitimate

interest", "public interest" and "public security", portability of data, data protection by

design and by default. Implementation as regards the role of the Commission through

delegated and implementing acts and in the consistency mechanism, independence of

and division of roles between data protection authorities, etc.

See EP working document of 6 July 2012 on the General Data Protection Regulation and on the Directive on

the processing of personal data for the purposes of prevention, investigation, detection or prosecution of criminal

offences (PE491.322v01).

3/12

Version 1 - 20.07.2012

PDF to HTML - Convert PDF files to HTML files

3. Objectives of this inter-parliamentary meeting

The Interparliamentary Committee Meeting prepared jointly by the EP Committee on

Civil Liberties, Justice and Home Affairs (LIBE) and the Legislative Dialogue Unit (LDU)

is intended to reflect on some of the mentioned issues and to engage members of the

European Parliament and national Parliaments in an exchange of views and a

constructive dialogue. Such a dialogue is essential, as already several national

Parliaments took special interest in the proposed instruments, as shown by several

reasoned opinions and contributions issued by national Parliaments.

The two day meeting will be divided into seven sessions reflecting the main questions

raised by the two proposals: I. The reform of the EU Data Protection framework (general

discussion), II. Data protection rights, III. Data protection and law enforcement, IV. Data

processors and controllers in the private sector, V. Implementation, DPAs and

consistency, VI. Police data sharing and access to private data bases, and VII. Data

protection in the global context. For each topic some specific questions were raised and

provided beforehand to national Parliaments (see Annex).

Such a structured dialogue and its output will help the two LIBE Rapporteurs and the

other Members of the LIBE Committee and the European Parliament in general to duly

reflect on and take into account the concerns of national parliamentarians in the

framework of the legislative procedure being conducted at EU level.

From Belgium, France, Germany, Italy and Sweden for the proposed Regulation, and from Germany and

Sweden for the proposed Directive.

4/12

Version 1 - 20.07.2012

PDF to HTML - Convert PDF files to HTML files

Order of business

Tuesday, 9 October 2012

9.00 - 9.30

9.30 - 10.30

Moderator:

Speakers:

Opening by President of the European Parliament Martin

SCHULZ

SESSION I -

The reform of the EU Data Protection framework

Building trust in a digital and global world

Juan Fernando LÓPEZ AGUILAR,

Chair of the Committee on Civil

Liberties, Justice and Home Affairs

CYPRUS PARLIAMENT, Chair of the corresponding committee (tbc)

CYPRUS PRESIDENCY, Minister (tbc)

Francoise LE BAIL, European Commission (tbc)

Academia

Questions and Answers from national parliamentarians and MEPs

10.30 - 12.30

SESSION II - Data protection rights - Harmonised

rights for a

clear and better protection, easier enforcement and building more

trust

Jan Philipp ALBRECHT,

MEP, Rapporteur on the Data Protection

Regulation

Representative of a national Parliament

National DPA

Academia

Industry

NGO

Questions and Answers from national parliamentarians and MEPs

Lunch Break

15.00 - 15.30

15.30 - 17.00

Moderator:

Opening by Commissioner Viviane REDING (tbc)

SESSION III - Data protection and law enforcement

Dimitrios DROUTSAS,

MEP, Rapporteur on the Data Protection

Directive

Representative of a national Parliament

Eurojust

Europol

5/12

Version 1 - 20.07.2012

Moderator:

Speakers

PDF to HTML - Convert PDF files to HTML files

Academia

Questions and Answers from national parliamentarians and MEPs

17.00 - 18.30

SESSION IV -

Data controllers and processors in the private sector

and free flow of information in the internal market

Sean KELLY,

MEP, ITRE Draftsperson, and

Nadja HIRSCH,

MEP,

EMPL Draftsperson

Representative of a national Parliament

Pegado Luz, Rapporteur of the European Economic and Social

Committee on the proposed regulation (tbc)

Industry,

Consumer protection NGO

Questions and Answers from national parliamentarians and MEPs

Moderators:

Speakers

Wednesday, 10 October 2012

9.00- 10.45

Moderator:

Speakers:

SESSION V - Implementation, DPAs and

ensuring consistency

Marielle GALLO,

MEP, JURI Draftsperson, and

Lara COMI,

MEP,

IMCO Draftsperson

Representative of a national Parliament

Peter HUSTINX, European Data Protection Supervisor

Jacob Kohnstamm

, President of the Article 29 Working Party

Fundamental Rights Agency

Questions and Answers from national parliamentarians and MEPs

10.45- 12.30

Moderator:

Speakers:

SESSION VI -

Police data sharing and access to private data bases

Sophia IN'T VELD,

MEP, and

Timothy KIRKHOPE,

MEP

Representative of a national Parliament

National police

Private sector

Academia

Questions and Answers from national parliamentarians and MEPs

Lunch Break

6/12

Version 1 - 20.07.2012

PDF to HTML - Convert PDF files to HTML files

15.00- 18.00

Moderator:

Speakers:

SESSION VII -

Data Protection in the global context- Protecting

rights in the global world

Alexander

ALVARO,

MEP, and

Axel VOSS,

MEP

Representative of a national Parliament

U.S. representatives

Other third country representatives

Council of Europe

Questions and Answers from national parliamentarians and MEPs

18.00 - 18.30

Closing

LIBE Rapporteurs Jan Philipp ALBRECHT and Dimitrios DROUTSAS

CYPRUS PARLIAMENT, Chair of the corresponding committee

7/12

Version 1 - 20.07.2012

PDF to HTML - Convert PDF files to HTML files

ANNEX

IMPORTANT NOTICE FOR THOSE WISHING TO ATTEND

THE MEETING

This meeting is open to the public. However, for security reasons, participants who do not have a

European Parliament access badge must obtain a pass in advance. Those wishing to obtain such

a pass should contact the secretariat ([email protected])

before 1 October

2012 at noon.

It is essential to provide us with your

LAST NAME, First name, date of birth,

nationality, type of the ID (passport, identity card, driving licence, etc.), number of the ID,

address and company/institution/organisation.

Without this information, the Security

Service will not provide entry passes.

All participants from the national Parliaments (Members, officials and Brussels based

representatives) need to complete the online registration form for the event (a link will be

provided at the beginning of September 2012).

PRACTICAL GUIDELINES FOR THE DEBATE

•

During the discussion, so as to make it possible for the highest number of parliamentarians to

intervene, speaking time of speakers will be limited to

ten minutes

and speaking time of other

participants to

two minutes

per contribution or question.

•

Members are kindly asked to fill in the sheet requesting speaking time (indicating their name and

parliament) which will be distributed in the meeting room.

•

Speakers wishing to supplement their speeches may do so in writing by submitting a document

(preferably in English or French) in advance to the secretariat (email:

[email protected]).

These documents will be circulated during the meeting.

•

Meeting documents will be progressively added to the Hearings section of the LIBE Committee

pages:

http://www.europarl.europa.eu/activities/committees/homeCom.do?language=EN&body=LIBE

and to the EP webpage on Relations with national Parliaments

http://www.europarl.europa.eu/webnp/cms/lang/en/pid/15

THE MEETING IS BROADCASTED LIVE AND RECORDED

http://www.europarl.europa.eu/activities/committees/homeCom.do?language=EN&body=LIBE

LIBE Committee pages:

ADDITIONAL INFORMATION

LIBE Secretariat

Jose Manuel DE FRUTOS GOMEZ

Administrator

Office: RMD 04J014

Phone: +32(2)28 46733

jose-manuel.de-frutos-

[email protected]

Relations with national Parliaments

Jitka POLÁŠKOVÁ

Administrator

Office: WIE 05U024

Phone: +32(0)2 28 31056

[email protected]

The processing of personal data is subject to Regulation (EC) No 45/2001of 18 December 2001 (OJ.L 8

12.1.2001, p. 1)

8/12

Version 1 - 20.07.2012

PDF to HTML - Convert PDF files to HTML files

Anze ERBEZNIK

Administrator

Office: RMD 04J020

Phone: +32(0)2 28 32811

[email protected]

Eva PICKMANN

Assistant

Office: ATR 01L024

Phone: +32(0)2 28 44094

[email protected]

Angela HRINCESCU

Assistant

Office: RMD 04J008

Phone: +32(0)2 28 41544

[email protected]

Federico BOSCHI ORLANDINI

Administrator

Office: WIE 05U017

Phone: +32(0)2 28 41529

[email protected]

Charlotte BLONDIAU

Assistant

Office: WIE 05U020

Phone: +32(0)2 28 40979

[email protected]

9/12

Version 1 - 20.07.2012

PDF to HTML - Convert PDF files to HTML files

Interparliamentary Committee Meeting on

The reform of the EU Data Protection framework - Building trust in a digital and

global world

9/10 October 2012

Questionnaire addressed to national Parliaments

Please, find attached a number of questions that will serve as the basis for the panels of

the Interparliamentary Committee Meeting on 9/10 October 2012.

Replies to the questionnaire (in English, French or German) should be sent by Friday, 21

September 2012 to

[email protected].

Please, find below for your convenience a link to the website of the European

Commission on EU data protection in general and specifically on the two legislative

proposals on data protection (General Data Protection Regulation and Data Protection

Directive on criminal law):

http://ec.europa.eu/justice/data-protection/index_en.htm

SESSION I -

The reform of the EU Data Protection framework - Building trust in a

digital and global world

1. Do you see a necessity and added value in the proposed EU Data Protection

reform (questions on subsidiarity and the chosen legal form - two instruments -

regulation and directive)?

2. How do you see the relation between Union and national legislation (questions

on subsidiarity and the chosen legal form - two instruments - regulation and

directive)? Should there be more flexibility for Member States to regulate data

processing in special situations? How would this affect the harmonisation of the

internal market?

3. What are in your opinion the main missing elements, if any, of the current EU

system of data protection based on Directive 95/46/EC and Framework Decision

2008/977/JHA?

4. How to ensure that the envisaged legislation will keep up with technological

developments? Are, in your opinion, the principles of “privacy by design” and

“privacy by default” an adequate approach?

10/12

Version 1 - 20.07.2012

PDF to HTML - Convert PDF files to HTML files

SESSION II - Data protection rights and principles - Harmonised

rights for a clear

and better protection, easier enforcement and building more trust

5. What is your opinion about the provisions regarding the rights of data subjects

and their applicability in practice, such as portability, right to be forgotten,

deadlines to address requests for access, rectification?

6. What is your opinion about the principles underlying these rights, such as the

need for a legal basis for data processing, the conditions for consent, or the

notions of “public security” or “legitimate interest” as a basis for data processing?

SESSION III - Data protection and law enforcement/SESSION VI -

Police data sharing

and access to private data bases

7. Should such a new framework also apply to purely domestic processing activities

by law enforcement or should it be limited to cross-border cases only (question

of reversed discrimination, data protection as a common fundamental right from

the Charter, subsidiarity, etc.)?

8. There is a growing tendency by law enforcement to have access to data held by

private companies for commercial purposes; how to ensure a proper balance

between law enforcement needs and fundamental rights?

SESSION IV -

Data controllers and processors in the private sector and free flow of

information in the internal market

9. Is the proposal reducing regulatory/administrative burden for data controllers,

especially as regards small and medium enterprises (SMEs)?

10. How will the "one-stop shop" mechanism impact on the laws of the Member

States and on the rights of the data subject (legal and linguistic obstacles, etc.)?

How to guarantee that decisions are lawfully enforceable in the Member State of

residence of the data subject?

11. How to ensure that the envisaged legislation will keep up with technological

developments? Are, in your opinion, the principles of “privacy by design” and

“privacy by default” an adequate approach?

SESSION V - Implementation, DPAs and

ensuring consistency

12. How do you evaluate the proposed sanction mechanism (level of sanctions,

proportionality, discretion, legal remedies, etc.)? How would this affect

provisions in your Member State, and what are the experiences with the current

model?

11/12

Version 1 - 20.07.2012

PDF to HTML - Convert PDF files to HTML files

13. How do you evaluate the proposed consistency mechanism (the fact that national

DPAs will be required to abide by the decision taken within the consistency

mechanism, and the questions of their independence and the risk to act in breach

of national law)? How do you perceive the proposed role of the Commission in

that regard, especially as regards the question of independence of the European

Data Protection Board?

14. How do you evaluate the resources of the data protection authority/authorities

in your Member State? How to ensure they are sufficient in a world of ever more

data processing?

SESSION VII -

Data Protection in the global context- Protecting rights in the global

world

15. How do you evaluate the proposed international transfer mechanism in both

proposals taking into account that the EU and third states frameworks are not

always based on same principles and do not offer the same protections for

individuals?

16. The Commission has indicated that its proposal aims at simplifying international

transfers and overcome burden for controllers. Does this mean that data subjects'

rights will be less protected?

17.

Do you have any other remarks as regards the proposed reform package?

12/12

Version 1 - 20.07.2012