What happens to your personal data when you take a flight, open a bank account or share photos online? How is this data used and by whom? How do you permanently delete details about yourself on social networking sites? Can you transfer your contacts and photos to another service? Control over your information, access to your data, modification or deletion of your data - these basic rights must be guaranteed in today's digital world. To this end, the European Commission today presented a strategy to protect individuals' data in all policy areas, including law enforcement. At the same time, it aims to reduce red tape for businesses and ensure the free flow of data across the EU. Together with the results of a public consultation on the issue, the Commission will use its new data protection strategy to revise the 1995 EU Data Protection Directive. In 2011, the Commission will then propose a new regime.
The strategy presented formulates a number of core objectives. These are:
- Strengthen the rights of individuals to ensure that the collection and use of personal data is kept to the minimum necessary. Everyone should also be informed clearly and transparently about how, why, by whom and for how long their data is collected and used. Everyone should be able to give informed consent to the processing of their personal data voluntarily, for example when surfing online, and everyone should have the 'right to be forgotten' if their data is no longer needed or they want their data deleted.
- Strengthening the internal market dimension by reducing the administrative burden on businesses and ensuring a level playing field. Currently, there are differences in the implementation of EU data protection rules and it is not always clear whose rules apply. This impedes the free flow of personal data in the EU and results in higher costs.
- Revise data protection rules in the area of police and criminal justice cooperation to ensure that personal data of individuals is also protected here. On the basis of the Lisbon Treaty, the EU can now establish comprehensive, coherent data protection rules for all areas, including police and criminal justice. Of course, the specificities and needs of these sectors must be taken into account. Data stored for law enforcement purposes will also be covered by the new data protection regime. The Commission is also currently reviewing Directive 2006/24/EC on data retention, which requires companies to store communications data for periods ranging from six months to two years.
- Ensure a high level of protection for data transferred outside the EU by improving and facilitating procedures for international data transfers. The EU should aim for the same level of protection when cooperating with third countries and promote high data protection standards worldwide.
- More effective enforcement by strengthening and further harmonising the tasks and powers of data protection authorities. There is also a need for better cooperation and coordination to ensure a more consistent application of data protection rules across the internal market.
The further procedure of the EU Commission:
The Commission's review of data protection policy will form the basis for further consultation and evaluation. The Commission invites all stakeholders and the public to comment on its proposals by 15 January 2011. For contributions, the Commission's public consultation website is available:
http://ec.europa.eu/justice/news/consulting_public/news_consulting_0006_en.htm
On this basis, the Commission will make proposals for a new general data protection regime in 2011, on which the European Parliament and the Council will then decide.
In addition, the Commission will consider other non-legislative measures, such as the promotion of awareness campaigns on data protection rights and the use of these rights, as well as possible self-regulatory initiatives by industry.
Background:
The EU data protection rules (the Data Protection Directive 95/46/EC) of 1995 are designed to protect the fundamental rights and freedoms of individuals. In particular, they aim to guarantee the right to data protection and the free movement of data. This general data protection directive has been complemented by other legal instruments, such as the ePrivacy Directive. In addition, there are specific rules for the protection of personal data in police and judicial cooperation in criminal matters.
The right to protection of personal data is explicitly recognised in Article 8 of the EU Charter of Fundamental Rights and in the Lisbon Treaty. The Treaty provides the legal basis for data protection rules for all activities within the scope of EU law in Article 16.
In 2009, the Commission began a review of the current legal framework for data protection. This started with a high-level conference in May 2009, followed by a public consultation that lasted until the end of 2009. In 2010, several hearings were held to target stakeholders. In January 2010, Viviane Reding, still in her capacity as EU Commissioner for the Information Society, announced on Data Protection Day that the Commission intended to modernise EU data protection policy (see IP/10/63 and SPEECH/10/441).
Source: EU Commission press release
Goldberg Attorneys at Law
Attorney at Law Michael Ullrich, LL.M. (Information Law)
Specialist lawyer for information technology law (IT law)
E-mail: info@goldberg.de
