Privacy & Information Security Law Blog

On June 1, 2015, the Group of the European People’s Party in the European Parliament released an updated timetable for agreeing on the proposed EU General Data Protection Regulation (the “Regulation”). The European Commission, European Parliament and the Council of the European Union will soon enter multilateral negotiations, known as the “trilogue,” to agree on the final text of the proposed Regulation.

The trilogue will commence once the Council of the European Union, acting through the Justice and Home Affairs Council (the “Council”), has agreed on its common position, which is expected to be finalized imminently, and formally adopted by the Council at its next meeting on June 15, 2015, in Luxembourg. The first trilogue negotiations are expected to take place shortly after June 24, 2015. The European Parliament also will publish a general roadmap for further trilogue meetings later in 2015, but exact dates have not yet been finalized and are subject to agreement with the European Commission and Council of Ministers.

The key dates are as follows:

• June 15, 2015 - Justice and Home Affairs Ministers Council meeting in Luxembourg, where it is assumed a general approach to the Regulation will be adopted.
• June 24, 2015 - First trilogue meeting to be held in Brussels (subject to agreement with the European Commission and the Council) to agree on the overall roadmap for trilogue negotiations.
• July 14, 2015 - Second trilogue meeting to discuss territorial scope and international transfers.
• September 2015 - Further trilogue meetings to debate data protection principles, the rights of data subjects and the obligations of controllers and processors.
• October 2015 – Trilogue discussions will focus on Data Protection Authorities, cooperation and consistency, and remedies, liability and sanctions.
• November 2015 - Further trilogue meetings to deliberate (1) the objectives and material scope of the Regulation, (2) flexibility for the public sector and (3) specific data processing regimes.
• December 2015 - The last trilogue meetings of the year will focus on delegated and implementing acts, final provisions and any other remaining issues.

In addition, the incoming Luxembourg Council Presidency is aiming to agree on a general approach to the Police and Criminal Justice Data Protection Directive, the second element of the EU data protection reform package, in October or November of this year. A trilogue would start immediately afterward and run in parallel with the trilogue on the Regulation.