Unravelling the mysteries of the GDPR trilogues | Fieldfisher
Skip to main content

Unravelling the mysteries of the GDPR trilogues

In recent days, "trilogue" seems to be the buzz word on everyone's lips following the adoption by the Council of Ministers of the European Union (the "Council") of the General Data Protection

In recent days, "trilogue" seems to be the buzz word on everyone's lips following the adoption by the Council of Ministers of the European Union (the "Council") of the General Data Protection Regulation (the "GDPR") in a first reading on 11th June. But what exactly is a "trilogue"? What is the meaning of this obscure concept that only exists under European Union law? Following my previous article on the EU's ordinary legislative procedure, I will try through this article to unravel the mysteries of the trilogue by explaining this concept in simple, layman terms.

What are "trilogues"?

Under the Treaty of Lisbon, the ordinary legislative procedure follows three stages: 1/ the first reading; 2/ the second reading; and 3/ the Conciliation agreement. The Treaty of Amsterdam (which entered into force on 1st May 1999) introduced the possibility for the co-legislative bodies of the European Union (namely, the Commission, the Parliament and the Council) to reach an agreement on a legislative proposal at first reading.

Trilogues are not formally defined in the founding treaties of the European Union (TEU and TFEU), even though article 295 of the TFEU does contain a general principle stating: "the European Parliament, the Council and the Commission shall consult each other and make arrangements for their cooperation by common agreement. To that end, they may, in compliance with the Treaties, conclude inter-institutional agreements, which may be of a binding nature."

Instead, they result from a Joint Declaration on Practical Arrangements for the Codecision Procedure (the "Joint Declaration") adopted by the Commission, the Council and the Parliament in 1999 and later updated in 2007. According to this Joint Declaration, "the institutions shall cooperate throughout the procedure with a view to reconciling their positions as far as possible and thereby clearing the way, where appropriate, for the adoption of the act concerned at an early stage of the procedure". The reconciliation of positions is reached through informal interinstitutional negotiations called "trilogues".

Are trilogue meetings common practise in the EU's ordinary legislative procedure?

Yes. Since the entry into force of the Lisbon Treaty, fewer and fewer legislative proposals have been adopted after a second reading (only 10 %) and fewer even after a Conciliation (only 5%). In practise, the huge majority of legal texts are now adopted after a first reading (85%). With the increased number of Member States and a much bigger Parliament (751 MEPs), second readings simply take too long and are usually left for texts where there is a strong controversy. In recent years, the EU legislative bodies have been using "trilogues" instead as a means to speed up the legislative procedure.

When do the trilogue meetings begin?

There is no official starting date for trilogue meetings and they may be held at all stages of the legislative procedure and at different levels of representation, depending on the nature of the expected discussion. In the case of the GDPR, no agreement was found prior to the Parliament's first reading vote (on 12th March 2014), nor prior to the Council's first reading vote (11th June 2015).

In practise, trilogue meetings tend to kick-off officially once the Council has adopted its first reading position, which is where we stand now on the GDPR. A first trilogue meeting was held on June 24th, during which the three legislative bodies agreed on the overall roadmap for the trilogue negotiations. On 14th July, the three institutions met again to discuss article 3 on the territorial scope of the Regulation and chapter 5 on international data transfers. The next trilogue meeting is due to take place in September, although no date has yet been decided.

Who attends the trilogue meetings?

Each institution designates its participants for each meeting in accordance with its own rules of procedure. Trilogue meetings are attended by representatives of all three EU legislative bodies, namely:

- the Council of Ministers: The Council is represented by the chairperson of relevant the working group (in this case, the Working Party on Information Exchange and Data Protection (DAPIX)), the chairperson of the Committee of Permanent Representatives of the Governments of the Member States to the European Union (COREPER), national officials, members of the Council's Secretariat and Legal Service. With Luxembourg now taking over the six-month rotating presidency of the European Union, one can expect Luxembourg to play a decisive role in the trilogue discussions given that it is home to some of the largest Internet companies in the world.

- the Parliament: The Parliament is represented by Jan Albrecht, the rapporteur on the legal text, Claude Moraes, the chairperson of the lead Parliament committee (LIBE committee), shadow rapporteurs, political group coordinators and various staff members of the Parliament.

- the European Commission: The Commission is represented by Paul Nemitz, the Director of the Directorate General for Justice (DG Justice), Bruno Gencarelli, the Head of Unit for Data Protection of DJ Justice, and various representatives of the Commission's Secretariat-General and Legal Service.

How are the trilogue meetings conducted?

Trilogues are chaired by the co-legislator hosting the meeting (i.e., either the Parliament or the Council) and are usually conducted in an informal manner. The co-legislative bodies undertake to exchange information regularly on the progress of codecision files in accordance with their own internal rules of procedure and to coordinate their respective calendars of work so as to conduct the proceedings in an efficient manner.

The discussions are organised around a four-column document which outlines the Commission's initial proposal (Column 1), the Parliament's position (Column 2) and the Council's position (Column 3), the last column being reserved for the "compromise text", which in the end constitutes the adopted version of the text.

During the trilogue meetings, the co-legislators (Parliament and Council) confront their positions, thus entering into a debate, with a view to reaching an agreement. In practise, the Commission often plays the role of a mediator or facilitator, making sure that an agreed position is reached.

How long will the GDPR trilogues last?

It is difficult to say as this will largely depend on how quickly the co-legislators are capable of adopting a compromise text. Under the Joint Declaration, the institutions must seek to establish an indicative timetable for the various stages leading to the final adoption of the legislative proposal. The frequency as well as the number of trilogues depends on various factors, such as the content of the legislative proposal and the political sensitivity surrounding the text.

In the case of the GDPR, the three institutions have set out to adopt the text before the end of 2015. There are examples in the past of some EU laws that were adopted within months, following fast-paced meetings taking place every month. In the given scenario, the Parliament and the Council seem to disagree quite strongly on some of the provisions, such as the rights of the individuals, international data transfers, data profiling, administrative fines and the one-stop shop mechanism. Furthermore, the EU Member States are not fully aligned, which could also further delay the adoption of the text.

While it is possible technically to reach a compromise text between now and December, it seems more likely that the text will be adopted in the beginning of 2016.

What will be the outcome of the trilogue meetings?

There are essentially two possible scenarios:

    1. The co-legislators agree on a compromise text: In this case, the agreement reached must be adopted by the Parliament's general assembly in a second reading vote and by the Council in a second reading vote. Following adoption of the GDPR by the Parliament and the Council, the text shall be submitted for signature, to the President of the Parliament and the President of the Council and to the Secretaries-General of those institutions. The jointly signed text is then sent for publication in the Official Journal of the European Union.


    1. The co-legislators do not agree on a compromise text: Statistically speaking, a failure to reach a compromise at the end of the trilogue meetings seldom happens and this is usually limited to situations where the co-legislators strongly disagree on a particular text, making it impossible to reach a final agreement. It seems unlikely that this would happen here, but if it does, then the legislative procedure would continue to a second reading in the Parliament and Council.


Are trilogues transparent enough?

Trilogue meetings have been criticized for their lack of transparency due to the fact that the meetings are held behind closed doors and little is known about the actual position of each institution during the negotiations. Emily O'Reilly, the European Ombudsman, opened an inquiry on May 28th regarding the transparency of trilogues, asking why there is no publicly accessible list of on-going trilogues and why a complete record of the documents tabled and exchanged at such meetings is also not accessible to the public. In a letter addressed to the Presidents of the Council, the Parliament and the Commission, she asks each of them to answer several questions, in particular whether the trilogue documents are made available to the public.

This shows that while trilogue meetings were initially created to establish a structured dialogue between the co-legislators with a view to adopting EU laws more expeditiously, they are also conducted in an opaque manner and very little information filters to the general public. At a time where the European Union suffers from a lack of democracy and transparency between EU citizens and the institutions who represent them, one may ask whether the time has come to adopt a more open and transparent framework for the trilogue meetings.


By Olivier Proust , Of Counsel, Privacy & Information Law Group (olivier.proust@fieldfisher.com)


This article was first published in the IAPP's Privacy Tracker.