Commission data protection reforms under fire
EU justice commissioner Viviane Reding Thursday (3 May) rejected criticism that certain provisions within her draft proposal on data protection rules could amount to a power-grab by the European Commission.
She was forced onto the defensive after a high-level expert committee in March said the commission would be making too many changes to current data protection rules without proper oversight - potentially leading to legal uncertainty.
Dear EUobserver reader
Subscribe now for unrestricted access to EUobserver.
Sign up for 30 days' free trial, no obligation. Full subscription only 15 € / month or 150 € / year.
- Unlimited access on desktop and mobile
- All premium articles, analysis, commentary and investigations
- EUobserver archives
EUobserver is the only independent news media covering EU affairs in Brussels and all 28 member states.
♡ We value your support.
If you already have an account click here to login.
“The Working Party has serious reservations with regard to the extent the commission is empowered to adopt delegated and implementing acts, which is especially relevant because a fundamental right is at stake,” the Article 29 Data Protection Working Party said at the time.
Such acts, introduced in the 2009 Treaty of Lisbon, allow the commission to make minor changes to the law without affecting its core. Both the European parliament and council - representing member states - maintain some oversight over any such changes.
Specifically, a delegated act supplements or amends so-called non-essential elements of EU legislation while an implementing act, proposes uniform conditions for its implementation.
The working party pointed out that in Reding’s regulation a number of issues including data breach notification and mutual assistance could only be applied using such acts. And the use of them are at the commission’s discretion.
“The adoption of delegated or implementing acts for a large numbers of articles may take several years and could represent legal uncertainty," it said.
But Reding countered the working party position on Thursday by stating that delegated acts have essentially ended “the secretive way of technical legislation” drafted by bureaucratic committees behind closed doors.
Both parliament and council must explicitly agree to the acts in the text of the legislation, the commissioner pointed out.
“It is understandable to me that certain lobbyists from powerful multinationals are not very keen on delegated acts,” said Reding.
She added: “It is much easier to influence a handful of national experts in national ministries in a meeting behind closed doors than to change the view of 754 directly elected European Parliamentarians.”
A spokesperson from the European Parliament’s legal affairs committee agreed that such acts increase the transparency of the EU legislative process.
But detractors, like Vicky Marissen who is managing director at Pact European Affairs, a Brussels-based consultancy specialising in EU decision-making procedures, also claims the acts give the commission too much power.
Marissen, who co-authored and contributed to two books on comitology with Daniel Gueguen, argues that discussions on delegated and implementing acts should involve people who have to implement the laws, including member states’ authorities and businesses.
She argues that neither the parliament or council would really be able to amend the delegated acts outlined in Reding’s proposal on data protection reform.
“Great autonomy is given to the European commission which not only proposes the delegated acts but also adopts them. The European parliament and the council can veto it but under strict conditions. The parliament requires an absolute majority while the council requires a qualified majority," noted Marissen.