In a meeting of the EU Parliament’s Civil Liberties Committee (LIBE) yesterday, Vice Chair Jan Philipp Albrecht, Green MEP and Rapporteur to the General Data Protection Regulation, provided a report on the trilogue negotiations around the GDPR.

Chapter V is done, he said, and chapters II, III, and IV are largely done. 

“My impression is that we managed to get agreement on, I would estimate, 70 to 80 percent of the text,” he said, “but of course there are still issues, especially the more political issues, that we have to come back to.”

These remaining bits include:

• The form and conditions for individuals to give consent.

• How far and in which ways the principals of data minimization are defined and regulated in the text.

• The concrete formulations for informing individuals in a transparent manner. There are ongoing negotiations on the use of some kind of standardized symbol set.

• The duties for controllers and processors, including the necessity for from some controllers and processors to appointment a data protection officer, aka the "mandatory DPO." The Council would leave that sort of requirement up to the member states.

However, said Albrecht, “I still see very it as very realistically possible that we conclude before the end of the year, as we envisaged. The open questions will be revisited through November, but we’ll also move forward on VI and VII.”

The next big issue to be tackled, he said, is “how we get a better and more consistent enforcement. We will be able to conclude that quite soon.” Those concerned with the one-stop shop will be watching this closely.

Is there anything that could derail the progress? A dark horse to muck things up is the Directive on Data Processed in Criminal Proceedings, for which the Council has just recently released a general approach and begun another set of trilogue meetings.

Estonian MEP Marju Lauristin, a social democrat and Rapporteur to the Directive, spoke after Albrecht to reiterate the LIBE Committee’s insistence that the GDPR and the Directive are a “package” and that the GDPR should not pass without the Directive right alongside.

And the Directive is still to be debated in trilogue. “We have our own problems,” said Lauristin, “in our own area with data protection, privacy protection, human rights issues and the interests of national security … It’s not just the United States, but also inside the member states.”