The Council a partial general approach on specific issues of the draft regulation setting out a general EU framework for data protection, on the understanding that:
- nothing is agreed until everything is agreed and does not exclude future changes to be made to the text of the provisionally agreed Articles to ensure the overall coherence of the Regulation;
- it is without prejudice to any horizontal questions;
- it does not mandate the presidency to engage in informal trilogues with the European Parliament on the text.
The partial general approach includes some articles which are crucial to the question of the public sector (Article 1 (subject matter and objectives), Article 6 (lawfulness of processing), Article 21 (restrictions)) as well as chapter IX (provisions relating to specific data processing situations).
The agreed text of Articles 1, 6, paragraphs (2) (3), and 21 and of the corresponding recitals now clearly provides the framework within which Member States will be able to maintain and adopt legislation under this Regulation. The Presidency believes that the text is a balanced one, granting Member States an appropriate measure of flexibility while maintaining a coherent structure of the Regulation.
The general approach comprises Chapter XI on the provisions relating to specific data processing situations (e.g. rules governing freedom of expression and information, access to official public documents, re-use of public information, for health purposes, such as public health and social protection and the management of health care services, derogations applicable to processing personal data for historical, statistical or scientific purposes and for archiving purposes).
The question whether and how to deal with processing of personal data by the public sector in the draft General Data Protection Regulation (GDPR) is one of particular sensitivity and importance to delegations. At the informal Ministerial Meeting in Milan on 9 July 2014 an overall majority of Member States supported a Regulation as legal instrument, but the need to provide Member States with sufficient leeway to determine the data protection requirements applicable to the public sector was equally emphasised.
The “one-stop-shop” mechanism: the Council also held a debate on the "one stop shop" mechanism on the basis of a proposal presented by the Presidency. A majority of ministers endorsed the general architecture of the proposal and concluded that further technical work will need to be done in the coming months on the basis of the guidelines set out at the 2013 October and December JHA Councils:
- in important transnational cases the draft Regulation should establish a one-stop shop mechanism in order to arrive at a single supervisory decision, which would be fast, ensure consistent application, provide legal certainty and reduce administrative burden;
- experts should explore methods for enhancing the “proximity” between individuals and the decision-making supervisory authority by involving the local supervisory authorities in the decision-making process;
- further work at technical level should include investigating the possibility of providing the European Data Protection Board in some cases with the power to adopt binding decisions regarding corrective measures.