The European Commission introduced the draft General Data Protection Regulation (GDPR) in January 2012. The GDPR seeks to harmonize legislation across the EU member states, replacing the 1995 EU Directive and the varying national laws that have implemented this Directive.
The European Parliament formally adopted its compromise text for the proposed GDPR back in March 2014. The Council of Ministers is expected to adopt its general approach to the Regulation during its June 15/16 meetings in Luxembourg. If it does so, the first meeting for the so-called “trilogue” negotiations between the Commission, the Parliament and the Council with a view to agreeing on a final text for the GDPR is scheduled for June 24. It is expected that, if all goes well, these negotiations will continue until the end of the year. Even after that, the new rules will only become effective two years later — so at the earliest by the end of 2017.
As so many stakeholders have been negotiating the draft GDPR for more than three years now, various components of the draft have found a way to reach a larger audience, notably national decision makers.
That is also why, although we may have to wait for quite some time before new EU rules become effective, we are increasingly seeing national legislators introduce the new concepts and obligations themselves, without waiting for the GDPR. This trend is also driven by recent events such as the Snowden revelations and the issues around the Facebook social plug-ins.