By Angelique Carson, CIPP/US

The Committee on Civil Liberties, Justice and Home Affairs voted Monday for a major overhaul of current EU data protection rules.

The committee adopted “en bloc” a package of compromise amendments assembled by Green MEP Jan Philipp Albrecht, rapporteur for the proposed regulation, which represented only a fraction of the 3,000 amendments initially proposed to the committee earlier this year.

The adopted text would require firms to seek permissions from a member state’s national data protection authority before any data could be transferred; impose sanctions of up to 100 million euros or five percent of a company’s annual worldwide turnover—whichever is greater—for firms who break the rules; grant citizens the right to have their personal data erased upon request (the newly coined “Right to Erasure”); require users’ explicit consent before processing data; and set limits to profiling, among other provisions.

Profiling of pseudonymous data would be allowed under the adopted amendments, however, Director of European Digital Rights Joe McNamee called the combination of articles 6 and 20 “a badly drafted license to profile without consent.”

The committee also adopted the draft text for the General Data Protection Regulation and six controversial individual compromise amendments. Further, LIBE passed an accompanying Directive for the law enforcement sector, assembled by rapporteur Dimitrios Droutsas, a Greek MEP. You can see the full press release here from LIBE.

Finally, the committee approved a mandate for Albrecht to directly start negotiations with the Council and the Commission, indicating “that the Parliament will push for rapid negotiations with the Council and the Commission in order to obtain a full vote on the final text of the proposed regulation before the Parliament elections in May 2014,” write Monika Kuschewsky and Ezra Steinhardt for Inside Privacy.

Albrecht called the vote “a breakthrough for data protection rules in Europe, ensuring that they are up to the challenges of the digital age. This legislation introduces overarching EU rules on data protection, replacing the current patchwork of national laws.”

EU Justice Commissioner Viviane Reding said, "The European Parliament has just given its full backing to a strong and uniform European data protection law that will cut costs for business and strengthen the protection of our citizens: one continent, one law.”

The Guardian reports that after two years of gridlock on the legislation—referred to as the “most intensely lobbied piece of legislation in the EU”—revelations on U.S. National Security Agency (NSA) surveillance “changed the political climate on data privacy, lending greater urgency to attempts to frame new EU rules.”

Kuschewsky and Steinhardt predict that given the amount of work the council still must accomplish, it’s “increasingly unlikely that the Council will be able to reach a general approach this year,” leaving “very little time for the trilogue process next year.” However, if an agreement is not reached before the 2014 elections, the draft bill would not automatically expire and negotiations could continue in the next session of Parliament.

Meanwhile, French newspaper Le Monde has reported on NSA internal memos detailing “the wholesale use of cookies by the NSA to spy on French diplomatic interests at the UN and in Washington.” A specific memo dated September 10, 2010 “specifies the techniques used to spy on the communications of the French diplomats,” using technologies including remotely delivered cookies … “Vagrant for capturing information from screens; and finally PBX, which is the equivalent of eavesdropping on the discussion of the French diplomatic service as if one was participating in a conference call.”

Read More by Angelique Carson:
This Week in Breach Roundup
Baker: The Grandfather of Privacy Was A Fogey
Changing Tactics: The Rise of the Privacy Advocates
How Should Your Firm Respond to the NSA Fallout?