Navigation path

Left navigation

Additional tools

Other available languages: FR DE


Brussels, 26th September 2002

Commission organises data protection conference to look at key privacy issues

How should privacy on the Internet be protected? Are businesses over-burdened by enquiries from people wanting access to the personal details companies hold about them? How well are current rules on international transfers of personal data working? These and other topical questions will be addressed by an international conference on data protection in the EU, organised by the European Commission, which will take place in Brussels on 30 September and 1 October. Business leaders, consumer associations, academics and data protection authorities from both the EU and third countries will take part.

Among the speakers will be Internal Market Commissioner Frits Bolkestein, Lene Espersen, Danish Minister of Justice, Giacomo Santini, vice-chairman of the Committee on Citizens' Freedoms and Rights, Justice and Home Affairs of the European Parliament and Stefano Rodotà, President of the Working Party of the Article 29 of the Directive (committee of Data Protection Commissioners in the Community).

The conference is the final part of the Commission's open consultation in preparation for its forthcoming report on how the 1995 Data Protection Directive is being applied. Nearly 10,000 replies to the associated online consultation (see IP/02/923) have been received.

The full programme is available at: Space at the conference has been reserved for a limited number of journalists on a first come first served basis.


The Data Protection Directive (see IP/95/822) entered into force on 24 October 1998 and has been implemented into national law by all Member States of the European Union except Ireland and Luxembourg.

The Commission expects those two countries to finalise their implementation before the end of this year.

For further details, see: The main principles behind the Data Protection Directive are:

  • personal data must always be processed fairly and lawfully

  • personal data must be collected for explicit and legitimate purposes and used accordingly

  • personal data must be relevant and not excessive in relation to the purpose for which they are processed

  • data that identify individuals must not be kept longer than necessary.

  • data must be accurate and, where necessary, kept up to date

  • data controllers are required to provide reasonable measures for data subjects to rectify, erase or block incorrect data about them

  • appropriate technical and organisational measures should be taken against unauthorised or unlawful processing of personal data

  • personal data must not be transferred to a country or territory outside the European Economic Area unless that country ensures an "adequate level of protection" for data subjects.

Side Bar