New EU data protection legislation, informally agreed on Tuesday and backed by Civil Liberties MEPs on Thursday morning, will create a uniform set of rules across the EU fit for the digital era. It should also improve legal certainty and boost trust in the digital single market for citizens and businesses alike. Clear and affirmative consent to data processing, the right to be forgotten and strong fines for firms breaking the rules are some of the new features.
"The new rules will give users back the right to decide on their own private data”, said Parliament's lead MEP on the regulation, Jan Philipp Albrecht (Greens, DE). "At the same time, the new rules will give businesses legal certainty and chances for competition. It will create one single common data protection standard across Europe. This implies less bureaucracy and creates a level playing field for all business on the European market", he added.
The informal agreement reached by Parliament and Council on Tuesday evening was backed by 48 votes to 4, with 4 abstentions.
The new rules will replace the EU's current data protection laws which date from 1995, when the internet was still in its infancy, and give citizens more control over their own private information in a digitised world of smart phones, social media, internet banking and global transfers. At the same time they aim to ensure clarity and legal certainty for businesses, so as to boost innovation and the further development of the digital single market.
The new rules include provisions on:
This flexibility was included at the pressing request of member states. Parliament’s negotiators would have preferred an EU-wide age limit of 13 years.
On Monday 21 December at 14.00 there will be a joint press conference on the data protection package with Ms Marju Lauristin (S&D, EE), Mr Jan Philipp Albrecht (Greens/EFA, DE - rapporteur on the regulation), Commissioner Vera Jourová and justice minister Félix Braz for the Luxembourg Presidency of the Council.
The informal agreement on the regulation will be voted by the full house in spring 2016 (probably March or April).
After the entry into force of the regulation, member states will have two years to apply its provisions.
Note to editors
According to a recent Eurobarometer survey only a minority of the respondents (15%) feel they have complete control over the information they provide online; 31% think they have no control at all ( Data Protection Eurobarometer, June 2015). In the same survey, two-thirds of respondents (67%) say they are concerned about not having complete control over the information they provide online.
The European Commission presented its proposal for an overhaul of EU data protection rules in January 2012. On 21 October 2013, after a year and a half of negotiations, consultations with four parliamentary committees and a record number of 3,999 amendments tabled, Parliament's Civil Liberties Committee adopted its position which would form the basis for the negotiations with the member states.
The position was confirmed by the Plenary on 12 March 2014. On 15 June 2015 member states approved their negotiation position. Already the following week, on 24 June, the three-way-talks between Commission, Council and Parliament began.