The European Parliaments Industry, Research and Energy Committee (ITRE) has given its backing to Commission proposals to reform the EUs data protection rules which date back to 1995. The vote on the Committees opinion, drafted by Member of the European Parliament Seán Kelly, is the latest step towards a swift adoption of the proposed legislation. The Committees opinion which covers the draft general Data Protection Regulation will now be submitted to the Civil Liberties, Justice and Home Affairs Committee (LIBE), which will consolidate all the amendments submitted so far and vote on its own report at the end of April.
Advertisement
The EP’s ITRE Committee backed the main innovations of the Commission’s data protection reform:
- The need to replace the current 1995 Data Protection Directive with a directly applicable Regulation that covers the processing of personal data. A single set of rules on data protection, valid across the EU will remove unnecessary administrative requirements for companies and can save businesses around 2.3 billion a year.
- The need to have a “one-stop shop” for companies that operate in several EU countries. The Commission’s proposal is cutting red tape by introducing a one-stop shop for businesses to deal with regulators. In the future, companies will only have to deal with the data protection authorities in the EU country in which they have their main establishment: one interlocutor, not 27 (or more).
- The need for a consistency mechanism that will ensure a uniform application of the EU rules. The European Commission is putting an end to regulatory fragmentation and inconsistent application of the rules to help accelerate the Digital Single Market. The consistency mechanism in the proposed Data Protection Regulation is crucial to ensure the Commission is there as a backstop when regulators can’t agree a common line. A number of major telecoms operators have welcomed this.
- The need to pay special attention to Small and medium-sized enterprises (SMEs) which are the backbone of Europe’s economy (99% of all European businesses are SMEs). The Commission’s proposal already provides for a number of exemptions for SMEs (below 250 employees): for example an exemption from the need to appoint a data protection officer or the duty to put together documentation on their data processing activities. The ITRE Committee voted to expand this approach.
Next steps: Following the ITRE Committee’s opinion, the Employment (EMPL) Committee is due to vote on its own opinion on the reform proposals. The LIBE Committee (which is the lead Committee) will then vote on its own report at the end of April.
The European Commission ha said it will continue to work very closely with the European Parliament and with the Council to support the co-legislators in their endeavour to achieve a political agreement on the data protection reform by the end of the Irish Presidency. The next discussion by Ministers of the proposed data protection rules is set for the upcoming Justice Council on 8 March.
Background
Today’s vote in the ITRE Committee follows the publication of the draft reports on the reform of the EU’s data protection rules by the LIBE Committee’s rapporteurs on 10 January 2013. In their reports, Jan-Philipp Albrecht, rapporteur for the proposed Data Protection Regulation and Dimitrios Droutsas, rapporteur for the proposed Data Protection Directive for the law enforcement sector, expressed their full support for a coherent and robust data protection framework with strong end enforceable rights for individuals. They also stressed the need to advance negotiations swiftly on both instruments at the same time. Four European Parliament Committees (IMCO, ITRE, JURI and EMPL) are providing opinions on the General Data Protection Regulation and the JURI Committee is providing an opinion on the Data Protection Directive for the law enforcement sector to the LIBE Committee.
In the digital age, the collection and storage of personal information are essential. Data is used by all businesses from insurance firms and banks to social media sites and search engines. In a globalised world, the transfer of data to third countries has become an important factor in daily life. There are no borders online and cloud computing means data may be sent from Berlin to be processed in Boston and stored in Bangalore.
Today, 72% of Internet users are worried that they give away too much personal data. They feel they are not in complete control of their data. Fading trust in online services and tools holds back the growth of the digital economy and Europe’s digital single market.
To address these concerns, the Commission proposed, on 25 January 2012, a comprehensive reform of the EU’s 1995 data protection rules to strengthen online privacy rights and boost Europe’s digital economy. The Commission’s proposals update and modernise the principles enshrined in the 1995 Data Protection Directive to bring them into the digital age. They include a proposal for a Regulation setting out a general EU framework for data protection and a proposal for a Directive on protecting personal data processed for the purposes of prevention, detection, investigation or prosecution of criminal offences and related judicial activities.
The right to the protection of personal data is explicitly recognised by Article 8 of the EU’s Charter of Fundamental Rights and by the Lisbon Treaty. The Treaty provides a legal basis for rules on data protection for all activities within the scope of EU law under Article 16 (Treaty on the Functioning of the European Union).