Progress on new EU data protection regulations
16 June 2015 | 0
Progress has been made on new EU rules for data protection, as the ministers in the Justice Council have sealed a general approach on the Commission proposal on Data Protection Regulation.
“I feel very encouraged by this positive step towards improved and harmonised data protection rules,” said Andrus Ansip, vice president, Digital Single Market. “Data protection is at the heart of the Digital Single Market; it builds a strong basis to help Europe make better use of innovative digital services like big data and cloud computing.”
The aim of the data protection reform, launched by the Commission in 2012, is to enable people to better control personal data. At the same time, it is hoped modernised rules will allow businesses to make the most of the opportunities of the Digital Single Market by cutting red tape and benefiting from reinforced consumer trust. A more rigorous and coherent data protection framework will provide for greater legal and practical certainty for citizens, businesses and public authorities
Věra Jourová, commissioner for Justice, Consumers and Gender Equality said a big step forward had been taken in making Europe fit for the digital age.
“Citizens and businesses deserve modern data protection rules that keep pace with the latest technological changes,” said Jourová. “High data protection standards will strengthen consumers’ trust in digital services, and businesses will benefit from a single set of rules across 28 countries. I am convinced that we can reach a final agreement with the European Parliament and the Council by the end of this year”.
In a statement on the progress, it was confirmed that the general approach contains agreement on the following:
One continent, one law – the regulation will establish a single set of rules on data protection, valid across the EU. Companies will deal with one law, not 28. This will save businesses around €2.3 billion a year. In addition, the new rules will particularly benefit small and medium-sized enterprises (SMEs), reducing red tape for them. Unnecessary administrative requirements, such as notification requirements for companies, will be removed: this measure alone will save them €130 million per year.
Strengthened and additional rights – the right to be forgotten will be reinforced. When citizens no longer want their data to be processed and there are no legitimate grounds for retaining it, the controller must delete the data, unless they can show that it is still needed or relevant. Citizens will also be better informed if their data is hacked. A right to data portability will make it easier for users to transfer personal data between service providers.
European rules on European soil – companies based outside of Europe will have to apply the same rules when offering services in the EU.
More powers for independent national data protection authorities – those authorities will be strengthened in order to effectively enforce the rules, and will be empowered to fine companies that violate EU data protection rules. This can lead to penalties of up to €1 million or up to 2% of the global annual turnover of a company.
The ‘one-stop shop’ – the rules will establish a ‘one-stop shop’ for businesses and citizens: companies will only have to deal with one single supervisory authority, not 28, making it simpler and cheaper for companies to do business across the EU. Individuals will only have to deal with their home national data protection authority, in their own language, even if their personal data is processed outside their home country.
The first trilateral meeting between the Commission, the European Parliament and the Council of the EU will take place on 24 June with the participation of Commissioner Jourová. The three institutions hope to agree on a roadmap towards the finalisation of the reform in 2015.