News has filtered out of Brussels that the DAPIX working group has held its last meeting on the General Data Protection Regulation (GDPR) under the current Latvian Presidency of the Council of the EU. This is in anticipation of a general approach agreement being reached on the text at the meeting of the Justice and Home Affairs (JHA) Council on June 15-16.
However, the Presidency will first have to steer its final edits through a number of meetings of Brussels-based JHA Counsellors, and member state ambassadors (‘COREPER’), before presenting a compromise proposal to the Council of Ministers. So there are still some significant steps to navigate in Brussels, but political momentum is with the negotiators to resolve the remaining discussion points ahead of Council.
If the Council does subsequently agree to a general approach on the Presidency proposal at the June meeting, then trialogue discussions with the European Parliament and the European Commission will commence shortly afterwards. This would represent a significant step forward in these long-running negotiations.
DAPIX, which stands for Data Protection and Information Exchange, first discussed the GDPR back in February 2012. As head of the UK delegation to DAPIX at the time, I clearly remember the presentation of the European Commission on how the GDPR would benefit citizens and businesses across the EU through enhanced rights and a new set of harmonised rules that would replace the patchwork of national legislative frameworks currently in place.
The role of DAPIX was to examine the Commission’s proposals in detail, but as the months of discussions turned into years, the draft text was examined in ever greater depth by member state delegations on an issue-by-issue basis. Indeed, the version of the GDPR which the Italian Presidency compiled in December 2014 contained 497 footnotes setting out numerous concerns that the Member States had raised about the Commission’s proposal as well as subsequent Council amendments.
The length of the process also meant that on several occasions, DAPIX had to recalibrate discussions to take into account issues raised by the Snowden disclosures and the “right-to-be-forgotten” judgment of the European Court of Justice, amongst many others.
DAPIX delegates, mainly drawn from member state justice or interior ministries, sometimes supported by representatives of national data protection authorities, were often robust and resilient in representing the views of their governments and stakeholders which led to the negotiations taking much longer than originally envisaged.
For example, the debate over the configuration of the one-stop shop reflected strongly-held concerns by some member states that the original Commission proposal could place significant geographical and cultural distance between where the individual making a complaint resided and where the regulatory decision was made. It took three years of intermittent discussions at DAPIX before a version of the one-stop shop was finally agreed upon by ministers.
The amount of effort required by DAPIX delegates, as well as European Commission officials in attendance, to contribute to the working group should however be acknowledged. Hundreds of hours were spent in Council buildings in Brussels poring over the text. Coupled with travel, preparation and serving ministers, parliaments and stakeholders back home, this meant that the negotiations became quite demanding for many of those involved. But more rapid progress has been made under recent presidencies which has set the scene for a general approach in June and the subsequent commencement of trialogues.
In the meantime, DAPIX delegates and in particular, all the Presidency chairs, can reflect on a great deal of hard work and significant progress made during the long road to agreement. The outside world now awaits the meeting of the Justice of Home Affairs Council on June 15-16 to see how successful the Presidency and DAPIX has been in drafting an acceptable compromise version of the GDPR, before the negotiations can move onto the next stage.
If you want to comment on this post, you need to login.