Brussels, 4 November 2010
European Commission sets out strategy to strengthen EU data protection rules
What happens to your personal data when you board a plane, open a bank account, or share photos online? How is this data used and by whom? How do you permanently delete profile information on social networking websites? Can you transfer your contacts and photos to another service? Controlling your information, having access to your data, being able to modify or delete it – these are essential rights that have to be guaranteed in today's digital world. To address these issues, the European Commission today set out a strategy on how to protect individuals' data in all policy areas, including law enforcement, while reducing red tape for business and guaranteeing the free circulation of data within the EU. This policy review will be used by the Commission with the results of a public consultation to revise the EU’s 1995 Data Protection Directive. The Commission will then propose legislation in 2011.
"The protection of personal data is a fundamental right," said Vice-President Viviane Reding, EU Commissioner for Justice, Fundamental Rights and Citizenship. "To guarantee this right, we need clear and consistent data protection rules. We also need to bring our laws up to date with the challenges raised by new technologies and globalisation. The Commission will put forward legislation next year to strengthen individuals' rights while also removing red tape to ensure the free flow of data within the EU’s Single Market."
Today's strategy sets out proposals on how to modernise the EU framework for data protection rules through a series of key goals:
The way forward
The Commission's policy review will serve as a basis for further discussion and assessment. The Commission is calling on all stakeholders and the public to comment on the review's proposals until 15 January 2011. Submissions can be made on the Commission’s public consultation web site:
Building on this, the Commission will present proposals for a new general data protection legal framework in 2011, which will then need to be negotiated and adopted by the European Parliament and the Council.
In addition, the Commission will examine other measures, such as encouraging awareness-raising campaigns on data protection rights and possible self-regulation initiatives by industry.
EU data protection rules (the 1995 Data Protection Directive 95/46/EC) aim to protect the fundamental rights and freedoms of natural persons, and in particular the right to data protection, as well as the free flow of data. This general Data Protection Directive has been complemented by other legal instruments, such as the e-Privacy Directive for the communications sector. There are also specific rules for the protection of personal data in police and judicial cooperation in criminal matters (Framework Decision 2008/977/JHA).
The right to the protection of personal data is explicitly recognised in Article 8 of the EU's Charter of Fundamental Rights and in the Lisbon Treaty. The Treaty provides the legal basis for rules on data protection for all activities within the scope of EU law under Article 16.
In 2009, the Commission launched a review of the current legal framework on data protection, starting with a high-level conference in May 2009, followed by a public consultation running until the end of 2009. Targeted stakeholders consultations were organised throughout 2010. In January 2010, Vice-President Viviane Reding announced the Commission's intention to modernise EU data privacy rules in a speech on Data Protection Day (see IP/10/63 and SPEECH/10/441) in her previous role as Information Society Commissioner. Today’s Communication was produced in agreement with Neelie Kroes, EU Commissioner in charge of the Digital Agenda.
Justice Directorate-General Newsroom:
Homepage of Vice-President Viviane Reding, EU Commissioner for Justice, Fundamental Rights and Citizenship: