EU votes in new rules for personal data protection

Photo © ktsdesign – Fotolia

(STRASBOURG) – Euro-MPs have given the green light to new EU data protection rules aiming to give citizens back control of their personal data and create a high, uniform level of data protection across the EU.

Parliament’s vote, which also sets minimum standards on use of data for policing and judicial purposes, ends more than four years of work on a complete overhaul of EU data protection rules.

The reform replaces the current data protection directive, dating back to 1995 when the internet was still in its infancy, with a general regulation designed to give citizens more control over their own private information in a digitised world of smartphones, social media, internet banking and global transfers.

Parliament’s green light was welcomed by Commission vice-president Frans Timmermans, who said: “The new rules will ensure that the fundamental right to personal data protection is guaranteed for all. The General Data Protection Regulation will help stimulate the Digital Single Market in the EU by fostering trust in online services by consumers and legal certainty for businesses based on clear and uniform rules.”

Jan Philipp Albrecht MEP, who steered the legislation through Parliament, said: “The regulation will also create clarity for businesses by establishing a single law across the EU. The new law creates confidence, legal certainty and fairer competition.”

The new rules include provisions on:

  • a right to be forgotten,
  • “clear and affirmative consent” to the processing of private data by the person concerned,
  • a right to transfer your data to another service provider,
  • the right to know when your data has been hacked,
  • ensuring that privacy policies are explained in clear and understandable language, and
  • stronger enforcement and fines up to 4% of firms’ total worldwide annual turnover, as a deterrent to breaking the rules.

New rules on data transfers to ensure smoother police cooperation

The data protection package also includes a directive on data transfers for policing and judicial purposes. It will apply to data transfers across borders within the EU as well as, for the first time, setting minimum standards for data processing for policing purposes within each member state.

The rules aim to protect individuals, whether victims, criminals or witnesses, by setting out clear rights and limitations on data transfers for the purpose of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against and preventing threats to public security, while at the same time facilitating smoother and more effective cooperation among law enforcement authorities.

Next steps

The regulation will enter into force 20 days after its publication in the EU Official Journal. Its provisions will be directly applicable in all member states two years after this date.

Member states will have two years to transpose the provisions of the directive into national law.

Due to UK and Ireland’s special status regarding justice and home affairs legislation, the directive’s provisions will only apply in these countries to a limited extent.

Denmark will be able to decide within six months after the final adoption of the directive whether it wants to implement it in its national law.

Further information

MEMO: Q&A on Data Protection reform

Data protection factsheets

EU data protection

Leave A Reply Cancel Reply

Exit mobile version