Navigation path

Left navigation

Additional tools


Brussels, 28 January 2010

Europeans' Privacy will be big challenge in next decade, says EU Commissioner

Our privacy faces new challenges: behavioural advertising can use your internet history to better market products; social networking sites used by 41.7 million Europeans allow personal information like photos to be seen by others; and the 6 billion smart chips used today can trace your movements. The European Commission today – Data Protection Day – warned that data protection rules must be updated to keep abreast of technological change to ensure the right to privacy, legal certainty for industry, and the take-up of new technologies. EU rules say that a person's information can only be used on legitimate grounds, with their prior consent. With the Lisbon Treaty and the Charter of Fundamental Rights now in force, the Commission today said it wants to create a clear, modern set of rules for the whole EU guaranteeing a high level of personal data protection and privacy, starting with a reform of the 1995 EU Data Protection Directive.

"EU rules are there to protect everyone’s personal data. The European Commission has proved its commitment to making these rules fully respected by all 27 EU countries. Innovation is important in today’s society but should not go at the expense of people's fundamental right to privacy. Now we have to make sure that the general data protection rules are up-to-date with technology and as comprehensive the Lisbon Treaty requires," said Viviane Reding, the EU's Information Society and Media Commissioner. "EU rules should allow everyone to realise their right to know when their personal data can be lawfully processed, in any area of life, whether boarding a plane, opening a bank account or surfing the internet, and to say no to it whenever they want."

At today's 4 th annual Data Protection Day , the European Commission said that the measures it applied to internet technology are needed throughout the economy and society to protect Europeans' privacy and personal data.

To do this, Commissioner Reding announced that she will propose to modernise EU privacy rules, building on the general rules ( Data Protection Directive ) in place since 1995, and specific telecoms and internet rules ( e-Privacy rules ).

The improved rules would be vigorously applied across all policy areas and international agreements, be it new technologies, consumer rights or public security.

In 2009 the Commission took a number of initiatives to make sure that privacy keeps up with technology:

  • A Recommendation on Radio Frequency Identification (RFID) smart tags in products like bus passes, saying that tags used in retail should be automatically deactivated unless the consumer purchasing an item with a tag "opts in" ( IP/09/740 ).

  • In February 2009, it brokered an agreement between 18 (20 since June) major social networking companies to improve minors' online safety, and privacy, on social networking sites like Facebook ( IP/09/232 ). It will report on their progress at Safer Internet Day 2010 next month: for example, how many make profiles of under-18s private and not searchable by default.

  • Following Commission proposals, new EU telecoms rules oblige providers of communications services like the internet to tell authorities when security breaches lead to personal data loss or misuse ( MEMO/09/513 ). They strengthen consumers' rights to be informed when information like internet cookies is stored or accessed on their equipment.

  • The Commission launched legal action against the UK on 14 April 2009 ( IP/09/570 ), reacting to citizens' concerns about UK internet providers testing behavioural advertising (PHORM) that scanned their internet use. The Commission warned the UK that its law does not comply with EU rules on confidentiality in telecoms in areas like user consent to interception of communications, sanctions against unlawful interception and supervision of interception activities. The case entered its second phase on 3 November 2009 ( IP/09/1626 ). If the Commission does not get a satisfactory reply, it may refer the case to the European Court of Justice.


Privacy and the protection of personal data are human rights set out in Articles 7 & 8 of the EU Charter of Fundamental Rights .

The 1995 EU Data Protection Directive lays down general principles to harmonise national rules such as when personal data can be processed and rights of the people whose data is processed. They say that a person's consents for their data use must be freely given, specific and informed.

EC data protection website:

The 2002 EU Directive on privacy and electronic communications sets principles for the telecoms sector. It protects the confidentiality of communications, requiring EU countries to prohibit interception and surveillance without users' consent (Article 5(1)) or legal authorisation.

Viviane Reding video message on privacy:

The processing by EU institutions and bodies is covered by Data protection Regulation (EC) 45/2001 . The EU general framework for the protection of personal data in police and judicial cooperation in criminal matters is the Framework Decision 2008/977/JHA .

The Council of Europe set up Data Protection Day in 2007 to explain what personal data is collected and why, as well as people's rights and responsibilities.

Data protection day

Side Bar