Tech companies are also unhappy with the Council's plan. Data-protection reform is supposed to put in place a "one-stop-shop" mechanism that would make it easier for businesses and citizens across the EU to deal with privacy-related complaints.
The original proposal for one-stop-shop mechanism gave international companies one Data Protection Authority to deal with, rather than multiple national regulators. However, critics have said that by adding unnecessary steps, the Council has made that part of the data-protection plan vastly more bureaucratic than it needs to be.
"This is not the one stop shop we were hoping for, because it allows for parallel proceedings in different EU countries. It needs more work," said John Higgins, director general of DigitalEurope, which represents companies including Google, Apple and Cisco.
There are months of negotiations ahead before a final data protection package becomes law. The Council, Commission and Parliament need to reach a compromise agreement on a final plan. Luxembourg, which will lead the Council of the EU for six months from July 1, intends to close the negotiations before the end of the year.
The lead member of the European Parliament on data protection regulation, Jan Philipp Albrecht, is hopeful that a compromise can be reached by the end of the year.
"There are clearly differences, notably on consumer rights and the duties of businesses," Albrecht, a German Green Party member, said in a press release. "However, if we can negotiate constructively and pragmatically, it should be possible to deliver a compromise acceptable to both sides within the timeframe."
Sign up for CIO Asia eNewsletters.