Brussels delays data protection reforms

Complex overhaul

The European Commission has effectively pushed back plans to overhaul the Data Protection Directive by up to a year under pressure from national regulators.

Commissioner Viviane Reding said in March that she would publish her legislative proposals by the end of this year, but that deadline has now been abandoned. Instead, this year the Commission will merely outline its plans for action later.

"This will be the first step for a legislative proposal that will then follow in the course of the next 10 months," a spokeswoman told The Register.

French media have reported that their equivalent of the Information Commissioner's Office, CNIL, told Reding that her original timetable to revise the directive was unrealistic. She met national regulators on July 14, at a meeting of their Article 29 Working Group.

"The revision will be done in very close cooperation with the national data protection authorities because they are the ones who have to enforce EU data protection rules in their countries," her spokeswoman said today.

The Data Protection Directive is now 15 years old, and was conceived long before mass internet adoption. Reding has proposed an extensive revamp to take account of recent technologies such as social networking, cloud computing and behavioural advertising.

She also wants to bring use and sharing of personal data by law enforcement agencies under normal data protection legislation. Such activity is currently governed by separate "third pillar" laws that mean the Commission has no enforcement powers when abuses are revealed.

The Commission is currently considering 160 responses to a data protection consultation before proceeding on its new schedule.

"It is important to have high/quality legislation at European level that sets 'gold' standards for Europe's citizens when it comes to the protection of their data," it said. ®

Sponsored: Network DDoS protection