skip to main content
Close Icon

In order to deliver a personalized, responsive service and to improve the site, we remember and store information about how you use it. This is done using simple text files called cookies which sit on your computer. By continuing to use this site and access its features, you are consenting to our use of cookies. To find out more about the way Informa uses cookies please go to our Cookie Policy page.

Global Search Configuration

Ovum view


On June 15, 2015 the European Commission announced that its proposal for a new Data Protection Regulation had finally reached the stage of “trilogue” negotiations (i.e., negotiations between the EU Council, the Commission, and the Parliament) after justice ministers in the EU Council agreed on a compromise text. This increases the likelihood of the EU institutions approving the regulation by the end of the year. However, a large part of the scope will now be left to national legislation, which could lead to most of the initial objectives of the proposal not being met.

The large number of exceptions is watering down the text and reducing the much-needed consistency

Even as the announcement came that the proposal for the new Data Protection Regulation had moved to the final stage of negotiation, the optimism that this step was supposed to spark was fading away among many stakeholders. The start of the trilogue negotiations should be welcome after more than three years of work on and amendments to the EC’s initial proposal, yet the details show that the members of the EU council have “agreed to disagree” on key parts of the regulation instead of reaching meaningful and functioning compromises.

Exceptions have been accepted on more than one-third of the articles of the proposals, meaning that the relevant aspects will be regulated by individual national legislation. In practice, the regulation (which is supposed to be valid for all EU states without needing national legislators to transpose it) is being turned into a de facto directive. In fact, the situation may be even worse, given that the EC has a process in place to ensure that directives are transposed in a correct and timely fashion, whereas a regulation is supposed to be valid for all EU countries once it has been passed.

Crucially, the issue is not only one of quantity. It is now proposed that national legislators will be able to rule on key aspects of the rules, including the definition of “data controller” and the rights of the data subject stated in the Articles 12–20 of the proposal. As things stand the regulation is going to benefit neither consumers nor businesses because it removes most of the consistency that the initial proposal aimed to achieve. It also contains loopholes that make many of the stated rights of the data subject no more than empty promises.

Although it is now more realistic that the regulation will be passed by the end of 2015, there are huge questions as to the actual impact of a framework that is both more confusing and potentially less effective than the outdated rules it is meant to replace.


Further reading

Data Protection Tracker: 1Q15, TE0007-000867 (January 2015)

Current Status and Future Developments in Data Protection, TE0007-000812 (August 2014)


Luca Schiavoni, Senior Analyst, Regulation

Recommended Articles


Have any questions? Speak to a Specialist

Europe, Middle East & Africa team - +44 (0) 207 017 7700

Asia-Pacific team - +61 (0)3 960 16700

US team - +1 646 957 8878

+44 (0) 207 551 9047 - Operational from 09.00 - 17.00 UK time

You can also contact your named/allocated Client Services Executive using their direct dial.
PR enquiries - Call us at +44 7770704398 or email us at

Contact marketing -

Already an Ovum client? Login to the Knowledge Center now