On March 12, 2014 the European Union Parliament ( Plenary) met in Strasbourg, France and voted in favor of the proposed data privacy regulation that has been reported to this forum previously. The plenary vote was: 621 votes in favor, 10 against and 22 abstentions for the Regulation and 371 votes in favor, 276 against and 30 abstentions for the Directive. You may recall that some of the EU states preferred the data privacy be a directive rather than a regulation. A directive, unlike a regulation, gives the member country more ability to interpret the law to their liking. This is the first step in process where the two legislative bodies that must approve the proposed regulation before it can become law.
For those who may not be familiar with the structure of the European Union there is a difference between the European Union Parliament and the European Union Council of Ministers. Both are part of the bicameral European Union Legislature.
The European Union Parliament which is who met in Strasbourg, are the directly elected parliamentary institution of the EU. It is composed of 766 members and is directly elected every five years. Together with the Council of the European Union (the Council) and the European Commission, it exercises the legislative function of the EU According to Wikipedia it has legislative power that the Council and Commission do not possess, it does not formally possess legislative initiative authority. (http://en.wikipedia.org/wiki/European_Parliament)
The Council of European Union is part of the essentially bicameral EU legislature, representing the executives of 28 EU member states—the other legislative body is the EU Parliament . The Council is comprised of the 28 National Ministers –one for each member of the European Union. (http://en.wikipedia.org/wiki/Council_of_the_European_Union)
To read more about how proposals become law in the European Union see:
http://europa.eu/eu-law/decision-making/procedures/index_en.htm . For a list of the current 28 EU member countries see: http://europa.eu/about-eu/countries/index_en.htm
As both organizations share legislative responsibilities equally, for legislation to become law both must agree for a proposal to become law.
EU Commission Vice President Viviane Reding stated after the vote: “Data Protection is made in Europe. Strong data protection rules must be Europe's trade mark. Following the U.S. data spying scandals, data protection is more than ever a competitive advantage.” (The Commission is the executive body of the European Union.)
To become law the proposed regulation needs to be adopted by the Council of Ministers. Even with changes in the Parliament due to elections in May EU Commission Vice President Reding asserted the Parliament’s position is “set in stone” and won’t change with different members in the Council. The Parliament and the Council will “negotiate” once the Council defines its position. The next meeting of Justice Ministers on the data protection reform will take place in June 2014.
The regulation does the following:
1. Establishes a single, pan-European law for data protection- no longer each EU member having their own data protection laws
2. Establishes a 'one-stop-shop' for businesses- no longer companies having to deal with multiple regulatory bodies.
3. Establishes same rules for all companies regardless of where they are located-- companies based outside of Europe will have to apply the same rules when doing business in the EU. Economic penalties for non-compliance
4. Establishes a “right to be forgotten” for the individual
5. Requires the individual to give consent to process the individual’s data
In the press release by the EU after the Plenary vote they asserted under “the right to be forgotten” is not an absolute right. There are cases where there is a legitimate reason to keep data in a data base. The example they used is the archives of a newspaper. It is clear that the right to be forgotten cannot amount to a right to re-write or erase history. The “right” also carries with it the “right to erasure” The EU proposal states the individual has the “right to erasure” where a court or regulatory authority based in the Union has ruled as final and absolute that the data concerned must be erased. This provision is Article 17 of the proposed regulation. The genealogical community is most concerned with this provision so that future records are preserved.
To read the press release about the March 12 Plenary vote see: http://europa.eu/rapid/press-release_MEMO-14-186_en.htm
Past postings on the European Union and the proposed data privacy regulation may be found in the Records Access Alert archives: http://lists.iajgs.org/mailman/private/records-access-alerts/ . You must be a registered subscriber to access the archives. To register go to: http://lists.iajgs.org/mailman/listinfo/records-access-alerts and follow the instructions to enter your email address, full name and which JGS/JHS/SIG/JewishGen is your affiliation You will receive an email response that you have to reply to or the subscription will not be finalized..
Jan Meisels Allen
Chairperson, IAJGS Public Records Access Monitoring Committee