The Article 29 Working Party outlined its agenda for 2012 at a recent plenary meeting in Brussels. Not surprisingly, the top priority is a new legal framework for data protection. But other topics, some of interest for US data protection developments, were discussed as well.

  1. Revision of the EU data protection framework: To ensure that EU data protection authorities can consistently apply the EU data protection rules, the revisions to the current Data Privacy Directive will emphasize harmonization efforts to advance the cooperation and coordination between the various authorities.
  2. WADA: The EU has ongoing concerns related to the current legal framework and the protection of athletes’ personal information. The EU Commission, supported by the Working Party, will provide comments to the proposed revision of WADA’s World Anti-Doping Code, which is planned for 2013.
  3. Cooperation with the European Network and Information Security Agency (ENISA): The Working Party and ENISA share common interests with regard to data breach notifications and will intensify their cooperation.
  4. EU Agency for Fundamental Rights (FRA): While the discussion addressed projects of the near future such as redress mechanisms and the publication of a Handbook on European data protection case law, FRA has long been critical of Passenger Name Record (PNR) data transmissions and a cooperation with the Working Party may suggest that the use of PNR will come under scrutiny again.

Whether the newly harmonized EU data protection rules will be a curse or a blessing for US companies doing business in the EU remains to be seen. Frustration by certain EU member states over a lack of cooperation between the national data protection authorities is undoubtedly a driving force behind this recent development and, as a result, the current practice of concentrating business operations in the jurisdiction with the least onerous data protection laws may soon come to an end. But if the closing of national loopholes is mitigated by a uniform application of data protection principles, it may be a worthwhile sacrifice.