Navigation path

Left navigation

Additional tools

Other available languages: FR DE DA ES NL IT SV PT FI EL


Brussels, 15 May 2001

Dialogue with Citizens: Commission launches new guide on data protection rights

The European Commission has published a new guide entitled "Data Protection in the European Union", which provides citizens and businesses with information on their rights regarding the collection and use of personal data and on what to do when their rights are violated. As technology advances, the means available to transfer and process data become ever more sophisticated. This free guide provides useful tips on who is entitled to handle personal information and how data can be legitimately processed. . It is the latest in a series of guides published under the "Dialogue with Citizens and Business" initiative, which aims at raising awareness amongst the European public of their rights and opportunities in a single European market. The Dialogue initiative offers practical information and, through a systematic analysis of feedback from citizens and businesses, enables the Commission to monitor how the Internal Market operates in practice and to promote policies which better reflect the needs of citizens and businesses.

Internal Market Commissioner Frits Bolkestein said "As we are all so-called 'data subjects' we need reassurance that our personal data is fairly treated and lawfully protected. In modern society, we are disclosing personal data all the time - when we book a flight, use a credit card or surf the internet. This new guide aims to familiarise the public with their rights regarding the processing of this personal information and provides practical advice about what they can do if these rights are violated".

The harmonisation of data protection rules in the EU aims to achieve the free movement of information, including personal data, between Member States whilst at the same time ensuring a high level of protection for any person concerned. The resulting legal framework is found mainly in Directive 95/46/EC ("the Data Protection Directive"), adopted on 24 October 1995, dealing with the protection of individuals in the processing of personal data and the free movement of such data. Member States were required to give effect to the Directive within three years of its adoption. The Directive provides that:

  • Personal data should be collected only for specified, explicit and legitimate purposes;

  • The persons concerned should be informed about such purposes and the identity of the controller;

  • Any person concerned should have a right of access to his/her data and the opportunity to change or delete data which is incorrect and

  • If something goes wrong, appropriate remedies should be available to put things right, including compensation of damages through the competent national courts.

The guide explains some of the basic terms which the Directive defines, such as "data controller" (any person or body determining 'the purposes and the means of the processing') and "data subject" (the person to which data refers). It also describes the rules to which data controllers are subject and the circumstances in which personal data can be processed. Particularly stringent rules apply to "sensitive data", defined as data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or data concerning health or sexual preference. As data subjects, we are all entitled to be informed about the processing of our personal data, have access to that data and receive an explanation concerning the rationale upon which significant decisions that affect us are made. While the Directive permits certain derogations from these principles, they are only applicable in certain defined circumstances, for example for reasons of national security.

One of the requirements of the Data Protection Directive is that Member States provide for one or more Supervisory Authorities for the purpose of monitoring and promoting the application of data protection legislation and investigating complaints of non-compliance. Each Supervisory Authority acts with complete independence and has certain enforcement powers. For example, these authorities have the power to ban the processing of specific data if investigation following a complaint finds that the rules are being violated with respect to the data in question. The data protection guide provides details of the procedure to introduce a complaint, as well as the contact details for the offices of the Data Protection Commissioners in each of the Member States. Most of the information can also be accessed online at:

Other Dialogue Guides and Factsheets, such as "Enforcing your rights", "Living in another country of the EU", "Working in another country of the EU", as well as additional information, are available from the Dialogue with Citizens website: Guides and factsheets are also available in print by contacting the Europe Direct call centre at the following freephone numbers:

Austria:    0800 29 68 11  Belgium:    0800 920 39 (F)        0800 920 38 (N)  Denmark:   80 01 02 01  Finland:    0800 11 31 91  France:    0800 90 97 00  Germany:   0800 186 0400  Greece:    00800 321 2254  Ireland:    1 800 55 31 88  Italy:     800 876 166  Luxembourg:  0800 25 50  Netherlands:  0800 09 05 1950  Portugal:   8002 09 5 50  Spain:    900 983 198  Sweden:    020 79 49 49  United Kingdom: 0800 581 591

The Dialogue with Citizens complements the Dialogue with Business ( and is linked to the Commission's Europe Direct initiative (

Side Bar