The date of the first binding vote by the Civil Liberties, Justice and Home Affairs Committee (LIBE) on the proposed General Data Protection Regulation (Regulation), which was initially planned for April-May 2013, has been postponed a second time. During the meeting on May 6, LIBE decided to delay the vote even further, but did not provide a new date. It is most likely to be held before the summer break, which takes place in mid-July. Given the volume of suggested amendments to the EU draft Data Protection Framework, this is hardly a surprising outcome.

Jan Philipp Albrecht, a German MEP and LIBE's rapporteur for the Regulation, received 3,133 proposed amendments to the proposed Data Protection Regulation, and confirmed that both postponements stemmed from the volume of contested areas. At the same time, four other parliamentary committees prepared non-binding opinions that proposed numerous changes. The same was done by a number of EU Member States.

The lively discussion results from the fact that the Regulation will not allow Member States to tailor any provisions they disapprove. Aspects of the draft that have been criticised include the "explicit" consent requirement, introduction of the right to be forgotten and the right of portability, the requirement for data protection officers, and the treatment of smaller companies, as well as the punitive sanction regime of 2% of worldwide annual revenue for a specified list of compliance failures (see also our blog about EU Member States arguing for watering down the Proposed Regulation). There were also calls for increasing the clarity of numerous provisions. The lively discussion is understandable, given the move from a directive to a regulation that provides no scope for national variations, and the overly prescriptive nature of the draft Regulation.

Sophie in 't Veld, a Dutch MEP and LIBE's vice-chair, expressed concerns about excluding anonymised data from the Regulation, claiming she does "not believe in anonymous data anymore," given the risk of re-identification. She also criticised the exclusion of the public sector and law enforcement from the scope of the Regulation. The draft Data Protection Directive on the processing of personal data by law enforcement authorities attracted 673 proposed amendments.

The UK Ministry of Justice published an impact assessment in November 2012, arguing that the costs of the new data protection regime would outweigh its benefits, and accused the EU Commission of over-estimating the cost savings to organisations under the proposed Data Protection Framework.

It is unclear whether this further postponement will have an impact on the overall timeline, but the postponed LIBE vote is only one step in a lengthy legislative process. Once LIBE formally adopts its position on the draft, it will begin negotiations with the Council of Ministers. The representative of the Irish Presidency confirmed that the Council plans to debate some key issues in advance of the negotiations with LIBE, but some matters, including the treatment of the public sector, are expected to remain undecided until after 30 June. Lastly, the Regulation will need to be approved by the European Parliament. The second delay shows that unless compromises are negotiated quickly, it may be difficult to complete the initial plan and adopt the Regulation before the European Parliament is re-appointed in 2014.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.