1. General introductionIn the digitalised and global world the way in which personal data are collected,accessed, used and transferred has been profoundly transformed and becomeincreasingly sophisticated. New technologies allow for an ever-increasing volume ofpersonal data. Likewise law enforcement authorities have significantly increased theirprocessing of personal data activities for the performance of their tasks.In this challenging environment, the protection of personal data has become an essentialissue of interest as regards the rights of the individual with regard to the protection ofher/his personal data, on one-side, and the question of necessary and proportionateprocessing of personal data, by private entities and public authorities, on the other side.Data protection is a fundamental right enshrined in Article 8 of the Charter ofFundamental Rights of the European Union, and in Article 16 of the Treaty on theFunctioning of the European Union (TFEU).In that regard, based on the experience with the current Directive 95/46/EC of theEuropean Parliament and of the Council of 24 October 1995 on the protection ofindividuals with regard to the processing of personal data and on the free movement ofsuch data (OJ L 281, 23.11.1995, p. 31) and Council Framework Decision 2008/977/JHAof 27 November 2008 on the protection of personal data processed in the framework ofpolice and judicial cooperation in criminal matters (OJ L 350, 30.12.2008, p. 60),1as wellas the input of the European Parliament2, the Commission has proposed two new legalinstruments - proposal for a Regulation on the protection of individuals with regard tothe processing of personal data and on the free movement of such data (General DataProtection Regulation, COM(2012) 11) and proposal for a Directive on the protection ofindividuals with regard to the processing of personal data by competent authorities forthe purposes of prevention, investigation, detection or prosecution of criminal offencesor the execution of criminal penalties, and the free movement of such data (DataProtection Directive, COM(2012)10). Initially the Commission intended to present asingle horizontal instrument.3The two new instruments, if adopted, would substantiallydefine the EU data protection principles and rules for the following decades. The aim ofthe two proposals, as stated by the Commission, is to establish a modern, strong andconsistent legislative framework across Union policies, enhancing individuals' rights,deepening the Single Market dimension of data protection, cutting red tape forbusinesses, and addressing issues posed by transnational flows of personal data.In that regard the two instruments should, inter alia, end the current fragmentationthrough specific national rules (therefore the form of a Regulation for the first proposal),extend common principles to purely internal data processing situations in the lawenforcement area as well (as regards the Directive), so as to ensure a high level ofSee also Commission Communication on safeguarding privacy in a connected world - A European dataprotection framework for the 21st century (COM(2012)0009).2Resolution of the European Parliament of 6 July 2011 on a comprehensive approach on personal dataprotection in the EU (P7_TA-PROV(2011)0323).3Commission Communication on a comprehensive approach on personal data protection in the European Union(COM(2010)0609).1

protection of the fundamental right of the individual to data protection. As aconsequence trust of individuals in the digital economy and trust of citizens in theprotection of fundamental rights by police and judicial authorities of Member Stateswould be enhanced, and hence contributing to economic growth and the efficient workof law enforcement authorities.2. Main elements of the reformThe main elements of the reform are: - data protection as a fundamental right; -coverage of all kinds of situations and all kinds of sectors, - technological neutrality ofthe legal framework to cover different processing techniques - preventing fragmentationand providing legal certainty for individuals, enterprises and public entities, - providingharmonisation for processing of personal data by law enforcement authorities and theexchange between them, - ensuring the protection of EU individuals where personaldata are transferred to third countries while providing safe and flexible tools forinternational data flows.1In that regard the proposed instruments envisage several novelties. The proposal for aRegulation will introduce the concept of "main establishment", a single law applicable todata processing of a controller, the so called "one stop shop", the recognition of the rightto be forgotten and the right to portability of personal data, data protection by designand by default, notification of data breaches, data protection officers, internationaltransfers based on adequacy decisions or other appropriate safeguards, namely bindingcorporate rules, specific rules on data protection authorities with adequate enforcementpowers, a consistency mechanism, sanctions, specific provisions on freedom ofexpression or the employment context. The instruments also clarify several provisionssuch as the notion of "consent", the provisions on profiling or the exercise of the datasubject's rights. The proposal for a Directive sets out a harmonised framework with aminimum level of protection which will apply to processing of personal data by lawenforcement authorities both at domestic level and in cases of exchanges of personaldata between Member States' law enforcement authorities.Such goals and the proposed changes arose a legitimate debate regarding, inter alia,questions on the appropriateness of the proposals to achieve the mentioned goals, therelation between general Union law and national specific laws, the inter-linkage of bothlegislative instruments especially in cases of law enforcement access to data held byprivate companies, proper safeguards as regards international data sharing and onwardtransfers, reduction of regulatory/administrative burden and costs for data controllers,appropriateness and effectiveness of sanctions, clarifications on “profiling”, "legitimateinterest", "public interest" and "public security", portability of data, data protection bydesign and by default. Implementation as regards the role of the Commission throughdelegated and implementing acts and in the consistency mechanism, independence ofand division of roles between data protection authorities, etc.See EP working document of 6 July 2012 on the General Data Protection Regulation and on the Directive onthe processing of personal data for the purposes of prevention, investigation, detection or prosecution of criminaloffences (PE491.322v01).1

3. Objectives of this inter-parliamentary meetingThe Interparliamentary Committee Meeting prepared jointly by the EP Committee onCivil Liberties, Justice and Home Affairs (LIBE) and the Legislative Dialogue Unit (LDU)is intended to reflect on some of the mentioned issues and to engage members of theEuropean Parliament and national Parliaments in an exchange of views and aconstructive dialogue. Such a dialogue is essential, as already several nationalParliaments took special interest in the proposed instruments, as shown by severalreasoned opinions and contributions issued by national Parliaments.1The two day meeting will be divided into seven sessions reflecting the main questionsraised by the two proposals: I. The reform of the EU Data Protection framework (generaldiscussion), II. Data protection rights, III. Data protection and law enforcement, IV. Dataprocessors and controllers in the private sector, V. Implementation, DPAs andconsistency, VI. Police data sharing and access to private data bases, and VII. Dataprotection in the global context. For each topic some specific questions were raised andprovided beforehand to national Parliaments (see Annex).Such a structured dialogue and its output will help the two LIBE Rapporteurs and theother Members of the LIBE Committee and the European Parliament in general to dulyreflect on and take into account the concerns of national parliamentarians in theframework of the legislative procedure being conducted at EU level.

Order of businessTuesday, 9 October 20129.00 - 9.309.30 - 10.30Moderator:Speakers:Opening by President of the European Parliament MartinSCHULZSESSION I -The reform of the EU Data Protection frameworkBuilding trust in a digital and global worldJuan Fernando LÓPEZ AGUILAR,Chair of the Committee on CivilLiberties, Justice and Home AffairsCYPRUS PARLIAMENT, Chair of the corresponding committee (tbc)CYPRUS PRESIDENCY, Minister (tbc)Francoise LE BAIL, European Commission (tbc)AcademiaQuestions and Answers from national parliamentarians and MEPs10.30 - 12.30SESSION II - Data protection rights - Harmonisedrights for aclear and better protection, easier enforcement and building moretrustJan Philipp ALBRECHT,MEP, Rapporteur on the Data ProtectionRegulationRepresentative of a national ParliamentNational DPAAcademiaIndustryNGOQuestions and Answers from national parliamentarians and MEPsLunch Break15.00 - 15.3015.30 - 17.00Moderator:SpeakersOpening by Commissioner Viviane REDING (tbc)SESSION III - Data protection and law enforcementDimitrios DROUTSAS,MEP, Rapporteur on the Data ProtectionDirectiveRepresentative of a national ParliamentEurojustEuropol5/12Version 1 - 20.07.2012

Wednesday, 10 October 20129.00- 10.45Moderator:Speakers:SESSION V - Implementation, DPAs andensuring consistencyMarielle GALLO,MEP, JURI Draftsperson, andLara COMI,MEP,IMCO DraftspersonRepresentative of a national ParliamentPeter HUSTINX, European Data Protection SupervisorJacob Kohnstamm, President of the Article 29 Working PartyFundamental Rights AgencyQuestions and Answers from national parliamentarians and MEPs10.45- 12.30Moderator:Speakers:SESSION VI -Police data sharing and access to private data basesSophia IN'T VELD,MEP, andTimothy KIRKHOPE,MEPRepresentative of a national ParliamentNational policePrivate sectorAcademiaQuestions and Answers from national parliamentarians and MEPsLunch Break6/12Version 1 - 20.07.2012

ANNEXIMPORTANT NOTICE FOR THOSE WISHING TO ATTENDTHE MEETINGThis meeting is open to the public. However, for security reasons, participants who do not have aEuropean Parliament access badge must obtain a pass in advance. Those wishing to obtain sucha pass should contact the secretariat ([email protected])before 1 October2012 at noon.It is essential to provide us with yourLAST NAME, First name, date of birth,nationality, type of the ID (passport, identity card, driving licence, etc.), number of the ID,address and company/institution/organisation.Without this information, the SecurityService will not provide entry passes.1All participants from the national Parliaments (Members, officials and Brussels basedrepresentatives) need to complete the online registration form for the event (a link will beprovided at the beginning of September 2012).PRACTICAL GUIDELINES FOR THE DEBATE•During the discussion, so as to make it possible for the highest number of parliamentarians tointervene, speaking time of speakers will be limited to

ten minutes

and speaking time of otherparticipants to

two minutes

per contribution or question.•Members are kindly asked to fill in the sheet requesting speaking time (indicating their name andparliament) which will be distributed in the meeting room.•Speakers wishing to supplement their speeches may do so in writing by submitting a document(preferably in English or French) in advance to the secretariat (email:[email protected]).These documents will be circulated during the meeting.•Meeting documents will be progressively added to the Hearings section of the LIBE Committeepages:http://www.europarl.europa.eu/activities/committees/homeCom.do?language=EN&body=LIBEand to the EP webpage on Relations with national Parliamentshttp://www.europarl.europa.eu/webnp/cms/lang/en/pid/15THE MEETING IS BROADCASTED LIVE AND RECORDEDLIBE Committee pages:http://www.europarl.europa.eu/activities/committees/homeCom.do?language=EN&body=LIBE

Interparliamentary Committee Meeting onThe reform of the EU Data Protection framework - Building trust in a digital andglobal world9/10 October 2012Questionnaire addressed to national ParliamentsPlease, find attached a number of questions that will serve as the basis for the panels ofthe Interparliamentary Committee Meeting on 9/10 October 2012.Replies to the questionnaire (in English, French or German) should be sent by Friday, 21September 2012 to[email protected].Please, find below for your convenience a link to the website of the EuropeanCommission on EU data protection in general and specifically on the two legislativeproposals on data protection (General Data Protection Regulation and Data ProtectionDirective on criminal law):http://ec.europa.eu/justice/data-protection/index_en.htmSESSION I -The reform of the EU Data Protection framework - Building trust in adigital and global world1. Do you see a necessity and added value in the proposed EU Data Protectionreform (questions on subsidiarity and the chosen legal form - two instruments -regulation and directive)?2. How do you see the relation between Union and national legislation (questionson subsidiarity and the chosen legal form - two instruments - regulation anddirective)? Should there be more flexibility for Member States to regulate dataprocessing in special situations? How would this affect the harmonisation of theinternal market?3. What are in your opinion the main missing elements, if any, of the current EUsystem of data protection based on Directive 95/46/EC and Framework Decision2008/977/JHA?4. How to ensure that the envisaged legislation will keep up with technologicaldevelopments? Are, in your opinion, the principles of “privacy by design” and“privacy by default” an adequate approach?

SESSION II - Data protection rights and principles - Harmonisedrights for a clearand better protection, easier enforcement and building more trust5. What is your opinion about the provisions regarding the rights of data subjectsand their applicability in practice, such as portability, right to be forgotten,deadlines to address requests for access, rectification?6. What is your opinion about the principles underlying these rights, such as theneed for a legal basis for data processing, the conditions for consent, or thenotions of “public security” or “legitimate interest” as a basis for data processing?SESSION III - Data protection and law enforcement/SESSION VI -Police data sharingand access to private data bases7. Should such a new framework also apply to purely domestic processing activitiesby law enforcement or should it be limited to cross-border cases only (questionof reversed discrimination, data protection as a common fundamental right fromthe Charter, subsidiarity, etc.)?8. There is a growing tendency by law enforcement to have access to data held byprivate companies for commercial purposes; how to ensure a proper balancebetween law enforcement needs and fundamental rights?SESSION IV -Data controllers and processors in the private sector and free flow ofinformation in the internal market9. Is the proposal reducing regulatory/administrative burden for data controllers,especially as regards small and medium enterprises (SMEs)?10. How will the "one-stop shop" mechanism impact on the laws of the MemberStates and on the rights of the data subject (legal and linguistic obstacles, etc.)?How to guarantee that decisions are lawfully enforceable in the Member State ofresidence of the data subject?11. How to ensure that the envisaged legislation will keep up with technologicaldevelopments? Are, in your opinion, the principles of “privacy by design” and“privacy by default” an adequate approach?SESSION V - Implementation, DPAs andensuring consistency12. How do you evaluate the proposed sanction mechanism (level of sanctions,proportionality, discretion, legal remedies, etc.)? How would this affectprovisions in your Member State, and what are the experiences with the currentmodel?

13. How do you evaluate the proposed consistency mechanism (the fact that nationalDPAs will be required to abide by the decision taken within the consistencymechanism, and the questions of their independence and the risk to act in breachof national law)? How do you perceive the proposed role of the Commission inthat regard, especially as regards the question of independence of the EuropeanData Protection Board?14. How do you evaluate the resources of the data protection authority/authoritiesin your Member State? How to ensure they are sufficient in a world of ever moredata processing?SESSION VII -Data Protection in the global context- Protecting rights in the globalworld15. How do you evaluate the proposed international transfer mechanism in bothproposals taking into account that the EU and third states frameworks are notalways based on same principles and do not offer the same protections forindividuals?16. The Commission has indicated that its proposal aims at simplifying internationaltransfers and overcome burden for controllers. Does this mean that data subjects'rights will be less protected?17.Do you have any other remarks as regards the proposed reform package?