Digital and technology

EU’s decisive move on data protection

Strasbourg : Plenary session European Parliement Michael McKernan sums up the progress made on the new Directive.

In January 2012, the European Commission proposed a comprehensive reform of Europe’s data protection rules to strengthen individual online privacy rights and to create certainty around the operating environment for Europe’s rapidly developing digital economy.

Although at the time of the original EU Data Protection Directive in 1995, it was thought that Europe had created strong fit-for-purpose regulation, rapid technological change – combined with alarming revelations about inappropriate surveillance and governments abusing personal data collection – made it imperative that further regulatory action be taken.

Essentially, the Commission’s proposals aim to address the needs of individuals and citizens although in quite different ways.

For the citizen, there is the new ‘right to be forgotten’ which will help people better manage data-protection risks online. When they no longer want their data to be processed and there are no legitimate grounds for retaining it, then it will be deleted. Similarly, citizens will have an enhanced right of access to data held on them. Permission to process such data can no longer be assumed – individual permission must be given explicitly and individual citizens will have a much easier transfer of data from one service provider to another and must be notified directly and promptly of any serious data breaches.

Extensive research by the Commission has shown increasing public concern about the security of personal data and broad support for the Commission’s proposals.

In recognising that “data is the currency of the digital economy”, the Commission has estimated the value of Europe’s data at a figure approaching €1 trillion and argued that strengthening Europe’s data security is actually an economic opportunity. The benefits to business and the European economy generally, are threefold.

Firstly, the regulation will establish a single pan-European law for data protection replacing the current patchwork of national laws. Secondly, the regulation will establish a one-stop-shop where businesses will only have to deal with one regulatory authority, rather than 28, making it cheaper to do business across Europe. Thirdly, the same rules will apply to all companies large or small, irrespective of where they are established.

Non-EU companies will still be bound by EU data protection regulation and there will be hefty penalties for non-compliance. There will also be some lessening of red tape for SMEs in the overall operation of the regulation.

The Commission argues that all of this will actually give European business a competitive advantage globally, as data security becomes an increasingly important issue worldwide.

In October 2013, the Commission’s proposals (brought forward by the Commission’s Directorate-General for Justice) were approved by a large majority by the European Parliament’s leading Committee on Civil Liberties, Justice and Home Affairs. On 12 March 2014, the proposals were approved by the full Parliament which settles the view of the Parliament on the issue even though the Parliament will have a new make-up following the forthcoming elections.

Welcoming the vote, EU Justice Commissioner Viviane Reding said: “We need to get serious on data protection. The European Parliament understood. Today’s vote is the strongest signal that we need to deliver this reform for our citizens and our businesses.”

The proposals now pass to the European Council for final negotiations and indications are that the Directive will be completed in this calendar year.

In the meantime, there are a number of legal cases under way in Europe and the US where citizens and groups are challenging data retention regulation. In one landmark case before the European Court of Justice, the court has recently received strong advice from its Advocate-General to the effect that the existing EU Directive is unlawful.

The data vote

MEPs approved the Directive by 371 votes to 276 at its first reading on 12 March with eight Irish MEPs in favour and four against.  Martina Anderson voted in favour, along with most liberal and socialist members.  Jim Nicholson and Diane Dodds voted against, joining the conservative groups in the Parliament who objected to the Directive covering data held by the police and law enforcement authorities.  Members of the public can follow the results of EU votes at www.votewatch.eu

Show More
Back to top button