The Justice and Home Affairs Council met on Friday 8 March to debate the latest Council discussion paper, which asked member states for their positions and concerns regarding two main elements of the GDPR - the use of a risk-based approach and the need to provide flexibility for the public sector.
The meeting was chaired by Mr Alan Shatter, Irish Minister for Justice, Equality and Defence and opened with a presentation by Commissioner for Justice, Fundamental Rights and Citizenship, Viviane Reding. The Commissioner pledged her commitment to finding concrete solutions to identified problems within the Regulation. The Commission is keen to have the instrument remain a Regulation, as opposed to a Directive, which has been called for by some parties in the debate. The exemptions for SMEs presented in the European Parliament’s Industry Committee (ITRE) report are likely to be incorporated, Ms Reding said, and the Commission is also keen to examine the inclusion of pseudonymous data. In this context, the Commissioner made specific reference to health, noting that pseudonymous data is still personal data, and is often of a sensitive nature.
The Chair then moved to take contributions from each of the member states, asking them to refer to the questions posed in the discussion document. These invited members to:
Broad support was secured for the use of codes of conduct in combination with risk assessments and the inclusion of a provision, making the appointment of a Data Protection Officer (DPO) voluntary, rather than mandatory. However, divisions remain over the issue of prior-consultation where data processing is deemed high-risk, with countries such as the UK and France supporting such provisions and others, such as Finland and Latvia, opposing them. Here, the definition of ’risk’ has also been a source of some disagreement. The UK made a strong statement in favour of changing the instrument to a Directive, rather than a Regulation, suggesting that this would also speed up the process since consensus would be easier to achieve. In contrast, the Romanian and Italian representatives were of the opinion that if a Directive is chose, implementation will be much less consistent.
Health was specifically mentioned in only one of the presentations - the Belgian representative noted their concern with the Article 21 exceptions for social security and health and said that the public sector committees in Belgium had indicated that they would prefer to use their current, tailored processes in this area.
Finally, in response to a number of comments about the progress of the dossier, Mr Shatter brought the discussion to a close by stating that the file should continue to move forward ’for practical, not political reasons’.
EPHA related articles