Brussels, 20 February 2013
EU Data Protection: European Parliament's Industry committee backs uniform data protection rules
The European Commission today welcomed the adoption of an opinion by the European Parliament’s Industry, Research and Energy Committee (ITRE) on the Commission’s proposals to reform the EU’s data protection rules which date back to 1995 (see IP/12/46 and IP/13/57). The vote on the Committee’s opinion, drafted by Member of the European Parliament Seán Kelly, is the latest step towards a swift adoption of the proposed legislation. The Committee’s opinion – which covers the draft general Data Protection Regulation – will now be submitted to the Civil Liberties, Justice and Home Affairs Committee (LIBE), which will consolidate all the amendments submitted so far and vote on its own report at the end of April.
"Today’s vote by the European Parliament’s Industry Committee is an important signal that industry needs uniform and clear data protection rules to take advantage of our Digital Single Market," said Vice-President Viviane Reding, the EU's Justice Commissioner. "I thank the ITRE Committee and, in particular the rapporteur, MEP Seán Kelly, for their swift work. This reform is good for business in Europe: one data protection law for one continent, a regulatory one-stop shop with one national data protection authority in charge and a mechanism allowing the European Commission to act as a backstop and ensure consistent application of the rules. This will ensure effective protection of people’s personal data and help to boost economic growth, innovation and job creation in Europe.”
The ITRE Committee backed the main innovations of the Commission's data protection reform:
The need to replace the current 1995 Data Protection Directive with a directly applicable Regulation that covers the processing of personal data. A single set of rules on data protection, valid across the EU will remove unnecessary administrative requirements for companies and can save businesses around €2.3 billion a year.
The need to have a "one-stop shop" for companies that operate in several EU countries. The Commission's proposal is cutting red tape by introducing a one-stop shop for businesses to deal with regulators. In the future, companies will only have to deal with the data protection authorities in the EU country in which they have their main establishment: one interlocutor, not 27 (or more).
The need for a consistency mechanism that will ensure a uniform application of the EU rules. The European Commission is putting an end to regulatory fragmentation and inconsistent application of the rules to help accelerate the Digital Single Market. The consistency mechanism in the proposed Data Protection Regulation is crucial to ensure the Commission is there as a backstop when regulators can't agree a common line. Companies welcome this (see MEMO/13/86).
The need to pay special attention to Small and medium-sized enterprises (SMEs) which are the backbone of Europe's economy (99% of all European businesses are SMEs). The Commission's proposal already provides for a number of exemptions for SMEs (below 250 employees): for example an exemption from the need to appoint a data protection officer or the duty to put together documentation on their data processing activities. The ITRE Committee voted to expand this approach.
Next steps: Following the ITRE Committee’s opinion, the Employment (EMPL) Committee is due to vote on its own opinion on the reform proposals. The LIBE Committee (which is the lead Committee) will then vote on its own report at the end of April.
The European Commission will continue to work very closely with the European Parliament and with the Council to support the co-legislators in their endeavour to achieve a political agreement on the data protection reform by the end of the Irish Presidency. The next discussion by Ministers of the proposed data protection rules is set for the upcoming Justice Council on 8 March.
Today's vote in the ITRE Committee follows the publication of the draft reports on the reform of the EU's data protection rules by the LIBE Committee’s rapporteurs on 10 January 2013 (IP/13/4). In their reports, Jan-Philipp Albrecht, rapporteur for the proposed Data Protection Regulation and Dimitrios Droutsas, rapporteur for the proposed Data Protection Directive for the law enforcement sector, expressed their full support for a coherent and robust data protection framework with strong end enforceable rights for individuals. They also stressed the need to advance negotiations swiftly on both instruments at the same time. Four European Parliament Committees (IMCO, ITRE, JURI and EMPL) are providing opinions on the General Data Protection Regulation and the JURI Committee is providing an opinion on the Data Protection Directive for the law enforcement sector to the LIBE Committee.
In the digital age, the collection and storage of personal information are essential. Data is used by all businesses – from insurance firms and banks to social media sites and search engines. In a globalised world, the transfer of data to third countries has become an important factor in daily life. There are no borders online and cloud computing means data may be sent from Berlin to be processed in Boston and stored in Bangalore.
Today, 72% of Internet users are worried that they give away too much personal data. They feel they are not in complete control of their data. Fading trust in online services and tools holds back the growth of the digital economy and Europe's digital single market.
To address these concerns, the European Commission proposed, on 25 January 2012, a comprehensive reform of the EU's 1995 data protection rules to strengthen online privacy rights and boost Europe's digital economy. The Commission's proposals update and modernise the principles enshrined in the 1995 Data Protection Directive to bring them into the digital age. They include a proposal for a Regulation setting out a general EU framework for data protection and a proposal for a Directive on protecting personal data processed for the purposes of prevention, detection, investigation or prosecution of criminal offences and related judicial activities (IP/12/46, MEMO/12/41 and IP/13/57).
The right to the protection of personal data is explicitly recognised by Article 8 of the EU's Charter of Fundamental Rights and by the Lisbon Treaty. The Treaty provides a legal basis for rules on data protection for all activities within the scope of EU law under Article 16 (Treaty on the Functioning of the European Union).
For more information
Homepage of Vice-President Viviane Reding, EU Justice Commissioner:
MEP Jan-Philipp Albrecht's report on the Data Protection Regulation:
MEP Dimitrios Droutsas' report on the Data Protection Directive:
Press pack: data protection reform:
European Commission – data protection:
Justice Directorate General Newsroom:
Follow the Vice-President on Twitter: