Real progress has been made on the new EU General Data Protection Regulation (GDPR), the media reported on Wednesday.
The second round of negotiations between the European Parliament, the Commission and the Council of national justice ministers, which took place on Tuesday, saw the three sides reach an agreement on Chapter 5 and Article 3, the two elements focused specifically on territorial scope and international data transfers.
Any company processing data of a European citizen in the European Union is subject to EU law and any transfer of data outside the EU must meet certain adequacy standards, The Register wrote in a report today, citing the agreement that’s been reached on Chapter 5 and Article 3.
“This is more or less what is already enshrined in the current 1995 data protection laws, so it is a logical place to start the so-called trialogue talks,” it writes. “Broad political agreement means that "all we really need to do now is nail down the exact wording," said a source.”
After the revelations made by former NSA contractor Edward Snowden, as well as the reform of the EU-US safe harbour agreement and challenges to jurisdiction by Microsoft and Facebook, extra effort has been taken to get the GDPR onto the law books ASAP.
Negotiators have set themselves an ambitious deadline - the Justice and Home Affairs Council meeting in October, The Register says.
A Data Protection Directive, which covers law enforcement agencies (as opposed to the regulation which applies to companies), is also on the table and Parliamentary representatives have said they want the two laws to be treated as a package