Four trialogues were not enough for the Estonian Presidency of the Council of the EU to thrash out a compromise between European institutions on the draft regulation on personal data processing by the EU institutions and bodies. According to a Presidency progress report seen by EUROPE, the continuation of negotiations under the Bulgarian Presidency look like they are going to get tough, particularly with regard to the question of the regulation's scope.
It should be recalled that this text was proposed a year ago (see EUROPE 11700) to modernise and adapt existing rules that go back to 2001, with the introduction of more recent and stricter rules established under the general regulation on data protection of 2016.
The Council adopted its position in June and Parliament did the same in October 2017. The inter-institutional negotiations began in November but, very quickly, divergences appeared. The major question involves establishing whether personal data processing by the EU organisations in the field of legal cooperation in criminal and police proceedings -Eurojust, Europol and the future European Prosecutor's Office - should be the subject of a harmonised legislative framework, as sought by Parliament or whether, on the contrary, these agencies should maintain their own regimes in their founding acts, as sought by the Council.
Although the European Parliament considers that the application of a single instrument for all EU institutions is an important step towards reducing the fragmentation between the different systems for processing personal data, the Council, however, believes that such an approach would create additional fragmentation.
At the beginning of December, the Presidency did, however, venture to propose a compromise that sought to exclude Europol, Eurojust and the European Prosecutor’s Office from the scope of the regulation and, therefore, would have maintained their own special regimes. In an effort to respond to the concerns expressed by the Parliament, it did propose to include a revision clause calling on the Commission to evaluate the data protection system applicable to the three agencies and to propose, if necessary, a number of amendments. Parliament, however, deemed this option insufficient.
At the end of the most recent trialogue, Parliament continued to highlight the need to include these agencies in the scope of the regulation but it would be, however, open to the idea of introducing a transition period after which the regulation would apply to Europol and the European Prosecutor’s Office. With regard to Eurojust, it considers that the agency should from the very beginning be subject to the new rules in the draft regulation, given that the proposal for the reform of the model of Eurojust governance is currently the subject of the trialogue negotiations (see EUROPE 11929).
The possibility of separating discussions on the rules for data protection at Europol and the European Prosecutor’s Office on the draft regulation, was also as a possibility examined by Parliament. The Council, however, is sticking to its guns and believes the three existing agencies must be examined at the same time in an effort to avoid any possible differences arising between the different agencies that could create problems in the practical cooperation between them.
The two institutions have a tight schedule if they are to reach an agreement: the regulation is supposed to enter into force at the same time as the general regulation on data protection on 25 May next. (Original version in French by Marion Fontana)