The purpose of this site is to gather and list the relevant official documents which have been published in the context of the reform process of European data protection law, particularly the proposal for a General Data Protection Regulation (#EUDataP on Twitter). This site will only contain links to documents published by and publicly accessible through the websites of European institutions (no “leaked” documents).
The institutions are: 1) European Commission, 2) European Parliament, 3) Council of the European Union, 4) European Economic and Social Committee, 5) Article 29 Working Party, 6) European Data Protection Supervisor, 7) Fundamental Rights Agency and 8) Committee of the Regions. The links are sorted from top to bottom on the basis of the release date.
To check the status of the decision-making progress on the General Data Protection Regulation, click here (PreLex).
NOTE: most linked documents are PDF-files.
1) European Commission
- Summary of replies to the public consultation about the future legal framework for protecting personal data, 4.11.2010
-
Communication from the Commission, A comprehensive approach on personal data protection in the European Union COM(2010) 609 final, 4.11.2010
- Commission Staff Working Paper, Impact Assessment, SEC(2012) 72 final // Anexes to the Impact Assessment, 25.1.2012
- Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), COM(2012) 11 final, 25.1.2012
2) European Parliament
- LIBE Committee, Report on a comprehensive approach on personal data protection in the European Union, A7-0244/2011, 22.6.2011
- Study by the Directorate General for Internal Policies: Reforming the Data Protection Package, PE 492.431, September 2012
- LIBE Committee, Draft Report, PE 501.927v04-00, 16.1.2013
- LIBE Committee, Report, A7-0402/2013, 21.11.2013
- NOTE that this document also contains:
- Explanatory Statement by the Rapporteur Jan Philipp Albrecht
- Opinion of the Committee on Employment and Social Affairs
- Opinion of the Committee on Industry, Reserach and Energy
- Opinion of the Committee on the Internal Market and on Consumer Protection
- Opinion of the Committee on Legal Affairs
- NOTE that this document also contains:
3) Council of the European Union
-
Data protection package – Report on progress achieved under the Cyprus Presidency, 16525/1/12 REV 1, 3.12.2012
-
Implementation of risk-based approach; Flexibility for the Public Sector, 6607/1/13 REV, 11.3.2013
-
Key issues of Chapters I – IV, 10227/13, 31.3.2013
- Revised Version of the General Data Protection Regulation, 11013/1, 21.6.2013
-
The one-stop-shop mechanism, 13643/13, 18.9.2013
-
The one-stop-shop mechanism, 14260/13, 3.10.2013
-
Essential elements of the one-stop-shop mechanism, 17025/13, 4.12.2013
-
Comments on Chapter V, 6723/5/13 REV 5, 12.12.2013
- Revised Version of the General Data Protection Regulation, 17831/13, 16.12.2013
-
Specific issues of Chapters I – IV: Pseudonymous data and Profiling, 17971/13, 19.12.2013
- Certain aspects of the relationship between controllers and processors, 5345/14, 15.1.2014
-
Chapter IX : Articles 83a and 83c, 5331/14, 16.1.2014
- Pseudonymisation, 5332/14, 16.1.2014
- Profiling, 5344/14, 16.1.2014
-
Comments on Chapter IX – X, 5406/1/14 REV 1, 17.1.2014
-
Pseudonymisation, 5332/1/14, 20.1.2014
- Data portability, 5879/14, 31.1.2014
- Data Protection Impact and Prior Checks, 5880/14, 31.1.2014
- Article 26, 5881/14, 31.1.2014
-
One-stop-shop meachnism, 5882/14, 31.1.2014
-
Comments on Chapters IX – XI, 5406/2/14 REV 2, 10.2.2014
- Profiling, 5344/1/14 REV 1, 13.2.2014
- One-stop-shop mechanism, 5882/1/14 REV 1, 13.2.2014
-
Chapter IX : Articles 83a and 83c, 5331/1/14 REV 1, 13.2.2014
- One-stop-shop mechanism, 6637/14, 18.2.2014
- Comments from the Slovak Republic on Articles 11 – 27, 14147/12 ADD 1, 25.2.2014
-
Comments from the Slovak Republic on Articles 28 – 39, 6278/13 ADD 1, 25.2.2014
- Comments from the Slovak Republic on Chapters I and II, 9897/12 ADD 1, 25.2.2014
- Profiling, 6079/14, 25.2.2014
- [First reading], Orientation debate on certain issues, 6762/1/14 REV 1, 28.2.2014
- One-stop-shop mechanism, 7464/14, 11.3.2014
- Profiling, 6079/1/14 REV 1, 11.3.2014
- Data portability, 8172/14, 24.3.2014
- Chapter V, 8087/14, 25.3.2014
- Outcome of the European Parliament’s first reading, 7427/1/14 REV 1, 27.3.2014
- One-stop-shop mechanism, 7464/1/14 REV 1, 27.3.2014
-
One-stop-shop mechanism, 7464/2/14 REV 2, 3.4.2014
-
Article 26, 5881/1/14 REV 1, 3.4.2014
- Comments on Chapter V, 6723/6/13 REV 6, 23.4.2014
- Chapter V, 8087/1/14 REV 1, 28.4.2014
-
One-stop-shop mechanism, 9327/14, 30.4.2014
- Chapter V, 8087/2/14 REV 2, 12.5.2014
-
Orientation debate on one-stop-shop mechanism, 10139/14, 26.5.2014
- Information Note by the Council Legal Service, Judgment of the Court (Grand Chamber) of 13 May 2014 in Case C-131/12, 10187/14, 26.5.2014
-
Partial General Approach on Chapter V, 10349/14, 28.5.2014
- Processor (Revision of Article 26), 10615/14, 6.6.2014
- Data Protection Impact and Prior Checks, 10616/14, 6.6.2014
- Data Portability (Revision of Article 18), 10614/14, 6.6.2014
- Profiling, 10617/14, 10.6.2014
- General Data Protection Regulation (Revised Version after the term of the Greek Presidency), 11028/14, 30.6.2014
- Right to be forgotten and the Google judgment, 11289/14, 3.7.2014
- Risk based approach, 11481/14, 3.7.2014
- Flexibility for national legislation in the draft Regulation, 11640/14, 7.7.2014
- Note from the French authorities – Mechanism for the certification of controllers and processors not established in the EU and wishing to benefit from data transfers from the European Union, 11715/14, 9.7.2014
- The right to be forgotten, 12274/14, 31.7.2014
- Risk based Approach, 12267/14, 31.7.2014
- Chapter IV, 12312/14, 1.8.2014
- The right to be forgotten, 12274/1/14, REV 1, 6.8.2014
- Risk based Approach, 12267/2/14, REV 2, 2.9.2014
- The right to be forgotten, 12274/2/, REV 2, 3.9.2014
- Right to be forgotten and the Google judgment, 11289/1/14, REV 1, 3.9.2014
-
Note from the French authorities on the proposal for a Data Protection Regulation – certification mechanism, including for transfers outside the European Union, 13187/14, 12.9.2014
- Chapter IV, 12312/1/14, REV 1, 17.9.2014
- Public sector and Chapter IX, 13355/14, 22.9.2014
- Chapter IV, 12312/2/14, REV 2, 22.9.2014
- Chapter IV, (Austrian Delegation suggestions) 13505/14, 23.9.2014
- Chapter IV, First reading, 12312/3/14, REV 3, 26.9.2014
-
The right to be forgotten and the Google judgment – Orientation debate, First reading, 13619/14, 29.9.2014
- Chapter IV, First reading, 13772/14, 3.10.2014
-
IX, 14098/14, 13.10.2014
- Chapter II, Article 21 and Chapter IX, 14270/14, 16.10.2014
-
IX, 14098/1/14, REV 1, 20.10.2014
- Minimum harmonisation clause (by
Hungarian delegation), 14732/14, 24.10.2014
- Pseudonymisation (by German delegation), 14705/14, 24.10.2014
- Chapter II, Article 21 and Chapter IX, 14270/1/14, REV 1, 24.10.2014
- Recital 38 (by Finnish delegation), 14756/14, 27.10.2014
- Consent (by German delegation), 14707/14, 27.10.2014
-
Danish proposal for amendments to the General Data Protection Regulation (GDPR), 14797/14, 28.10.2014
-
Proposals for amendments and comments on Article 1(2a) and 21, Chapter II and IX, and deceased persons (by Estonian delegation), 14786/14, 28.10.2014
- Chapter II, Art 21 and Chapter IX (by Austrian delegation), 14784/14, 28.10.2014
-
The one-stop-shop mechanism, 14788/14, 31.10.2014
- Consent, 14707/1/14, REV 1, 3.11.2014
-
Processing in the employment context, 15108/14, 5.11.2014
-
Processing for purposes of social protection, 15106/14, 5.11.2014
- Partial General approach – Public Sector, 15389/14, 13.11.2014
-
The one-stop-shop mechanism, 14788/1/14, REV 1, 13.11.2014
-
Chapter IX, 15544/14, 14.11.2014
- Council Legal Service: Compatibility with the Treaties of a possible minimal harmonisation clause introduced in the draft Regulation for certain activities carriedout in the public sectoion, 15712/14, 18.11.2014
- Austrian Proposals for amendment regarding Chapters I, II and IX and related recitals, 15768/14, 19.11.201
- Public sector and Chapter IX, 15655/14, 21.11.2014
-
The one-stop-shop mechanism = Orientation debate, 15656/14, 25.11.2014
- Public sector and Chapter IX, 15655/1/14, REV 1, 25.11.2014
- The one-stop-shop mechanism = Orientation debate, 15656/1/14, REV 1, 28.11.2014
- Partial general approach = Orientation debate, 16140/14, 1.12.2014
-
Public sector and Chapter IX = Partial general approach, 16140/13, COR 1, 1.12.2014
- The one-stop-shop mechanism, 16974/14, 16.12.2014
- General Data Protection Regulation (Full Text after Italian Presidency), 15395/14, 19.12.2014
- Chapter II, 17072/14, 23.12.2014
- The one-stop-shop mechanism, 5315/15, 15.1.2015
- Pseudonymisation, 1470/1/14, REV 1, 15.1.2015
- Discussion note on possible thresholds for submitting cases to the EDPB, 5331/15, 21.1.2015
- British delegation: The one-stop-shop mechanism, 5572/15, 23.1.2015
- Austrian delegation: The one-stop-shop mechanism, 5571/15, 23.1.2015
- Swedish delegation: Amendments to Article 9a, processing of data relating to criminal convictions and offences, 5569/15, 23.1.2015
- Irish delegation: The one-stop-shop mechanism, 5534/15, 23.1.2015
- The one-stop-shop mechanism, 5627/15, 2.2.2015
- Austrian delegation: The one-stop-shop mechanism, 5571/15, 3.2.2015
- Chapter II, 17072/1/14, REV 1, 3.2.2015
- German delegdation: Consent, 14707/2/14, REV 2, 4.2.2014
- The one-stop-shop mechanism, 5627/1/15, REV 1, 11.2.2015
- German delegdation: Consent, 14707/3/14, REV 3, 17.2.2015
- Chapter II, 17072/2/14, REV 2, 18.2.2015
- The one-stop-shop mechanism, 6286/15, 19.2.2015
- The one-stop-shop mechanism, 6286/1/15, REV 1, 25.2.2015
- Chapter II, 17072/3/14, REV 3, ADD 1, 26.2.2015
- Chapter II, 17072/3/14, REV 3, 26.2.2015
- Austrian delegation: Comments and Proposals regarding Chapter II, in particular with a view to the issues of “legitimate interest”, “further processing” and “processing for statistical purposes”, 6741/15, 3.3.2015
- The one-stop-shop mechanism, 6286/2/15, REV 2, 4.3.2015
- Chapter II, 17072/4/14, REV 4, 4.3.2015
- Chapter II, 6834/15, 9.3.2015
- The one-stop-shop mechanism, 6833/15, 9.3.2015
- Chapter II, 6834/15, COR 1, 10.3.2015
- Chapter II, 6834/15, COR 2, 11.3.2015
- The one-stop-shop mechanism, 6833/15, COR 3, 11.3.2015
- The one-stop-shop mechanism, 6833/15, COR 2, 11.3.2015
- The one-stop-shop mechanism, 6833/15, COR 5, 12.3.2015
-
Chapter III and VIII, 7084/15, 16.3.2015
-
Chapters II, VI and VII (as agreed in the partial general approach), 7466/15, 26.3.2015
- Chapters III and VIII, 7586/15, 27.3.2015
- Chapters III and VIII, 7526/15, 27.3.2015
- Chapters III and VIII (position of the Spanish delegation in relation to Article 17), 7586/15, ADD 1, 31.3.2015
- Chapters I and XI, 7700/15, 10.4.2015
- Chapter III, 7651/15, 10.4.2015
-
Chapters III and VIII, 7586/1/15, REV 1, 10.4.2015
- Chapter VIII, 7722/15, 13.4.2015
- Chapters III and VIII (comments from CZ, DE, IE, ES, FR, HR, NL, AT, PL, PT, FI and UK), 7586/2/15, REV 2, 20.4.2015
- Chapter VIII, German delegation, 8150/15, 21.4.2015
- Chapters I and III, German delegation, 8089/15, 22.4.2015
-
Preparation for a general approach: Chapter III, 7978/15, 24.4.2015
- Chapters I and XI, Swedish delegation, 8353/15, 27.4.2015
- Preparation for a general approach: Chapter III, 7978/1/15, REV 1, 27.4.2015
- Chapters I and XI, 8327/15, 30.4.2015
- Chapter VIII, 8371/15, 4.5.2015
- Chapter VIII, German delegation, 8150/1/15, REV 1, 6.5.2015
- Chapter III and horizontal issues, including Chapter II, Article 6, 8835/15, 12.5.2015
- Chapters I and XI, 8834/15, 12.5.2015
- Delegated and implementing acts, 8833/15, 13.5.2015
- Chapter VIII, 8383/15, 13.5.2015
- Horizontal issues, 8836/15, 18.5.2015
- Article 6 and recital 40 in Chapter II and Chapter III, 9082/15, 22.5.2015
- Delegated and implementing acts, 9185/15, 26.5.2015
- Chapter VIII, 9083/15, 27.5.2015
- General Data Protection Regulation (Full Text as it stands on 29.5.2015), 9398/15, 1.6.2015
- General Data Protection Regulation (Full Text as it stands on 1.6..2015), 9281/15, 3.6.2015
- Chapter I-Article 2(e)-scope of the General Data Protection Regulation and the Data Protection Directive, 8745/1/15, REV 1, 3.6.2015
- Chapter I-Article 2(e)-scope of the General Data Protection Regulation and the Data Protection Directive, 8745/2/15, REV 2, 3.6.2015
- Chapter I-Article 2(e)-scope of the General Data Protection Regulation and the Data Protection Directive, 8745/3/15, REV 3, 5.6.2015
- General Data Protection Regulation (Full Text as it stands on 5.6..2015), 9657/15, 8.6.2015
- General Data Protection Regulation – Preparation of a general approach (Full Text as it stands on 9.6..2015), 9788/15, 11.6.2015
- General Data Protection Regulation – Preparation of a general approach (Full Text adopted at JHA Council Meeting on 15.6.2015), 9565/15, 11.6.2015
-
Chapter I-Article 2(e)-scope of the General Data Protection Regulation and the Data Protection Directive, 8745/4/15, REV 4, 11.6.2015
4) European Economic and Social Committee
- Opinion on the General Data Protection Regulation, SOC/455 – CESE 1303/2012, 23.5.2012
5) Article 29 Working Party
- Letter addressed to Vice-President Reding regarding the Article 29 WP’s reaction to the Commission Communication “A comprehensive approach to personal data protection in the EU”, 14.1.2012
- Opinion 01/2012 on the data protection reform proposals, WP 191, 23.3.2012
- Opinion 08/2012 providing further input on the data protection reform discussions, WP 199, 5.10.2012
- Working Document 01/2013 – Input on the proposed implementing acts, WP 200, 22.1.2013
- Statement of the Working Party on current discussions regarding the data protection reform package, 27.2.2013
- Advice paper on essential elements of a definition and a provision on profiling within the EU General Data Protection Regulation, 13.5.2013
- Letter from the Article 29 Working Party to the Greek Permanent Representation to the EU on the upcoming Greek Presidency, 11.12.2013
- Statement of the WP 29: Main points for a one-stop-shop and consistency mechanism for businesses and individuals, 16.4.2014
6) European Data Protection Supervisor
- Additional EDPS Comments on the Data Protection Reform Package, 15.3.2013
- EDPS letter to the Council of Ministers regarding progress on the data protection reform package, 14.2.2014
7) Fundamental Rights Agency
8) Committee of the Regions
THANKS TO MR. CARLO PILTZ FOR PERMISSION TO REPUBLISH THIS VERY USEFUL LINKS COLLECTION OF GENERAL DATA PROTECTION REGULATION APPROVAL PROCESS (ORIGINAL POST AVAILABLE HERE).