I’m about to attend a series of meetings in Central London to hear (mostly) wise men discuss what might happen to the proposed data protection reform package.
While I don’t doubt their sincerity (and we all like a good debate), I do wonder how accurate their predictions will turn out to be.
After all, let’s just consider what changes have already been proposed and accepted:
A record 3,133 amendments to the proposed regulation were tabled in the Civil Liberties Committee. Together with the amendments tabled in their opinions by the Industry Committee (417), the Internal Market Committee (226), the Employment Committee (27) and the Legal Affairs Committee (196), they make a total of 3,999 amendments. This is the highest number of amendments to a single legislative file ever tabled in the European Parliament.
Parliament's political groups negotiated 91 compromise amendments, combining those already tabled, in order to make it easier to vote on the regulation.
673 amendments to the draft directive were tabled in the Civil Liberties Committee. Together with the amendments tabled by the Legal Affairs Committee in its opinion (98), they make a total of 771 amendments.
Parliament's political groups negotiated 64 compromise amendments, combining those already tabled, in order to make it easier to vote on the directive.
The voting list for the regulation has 261 pages and the one for the directive has 57 pages (a total of 318 pages).
By the time of the plenary vote in March 2014, the data protection reform had been debated for 20 months. The committee's official debates alone accounted for about 30 hours. Informal negotiations among political groups took around 250 hours.
And all this was happening while, separately, the Governments of the EU Member States, through the DAPIX committee, were considering their position.
Anyway, what I expect to hear from the speakers is that there is political pressure to be seen to be agreeing something, but that stakeholders may agree to compromise on the details. Also, that there is mounting pressure in some quarters for member states to be able to impose their own rules in particular cases. So what may emerge from the process is an instrument that calls itself a regulation but retains some of the characteristics of a directive. Finally, that while the texts may be extremely long and complicated, the overwhelming majority of sensible data controllers will be able to
ignore live with it.
Quite how, in a world where so many regulators are facing tight budgets, the measure will be effectively enforced, I really don’t know.