Data protection

Protection of personal data is a fundamental human right. Below you will find the main legislative procedures and packages that touched upon data protection during the 7th legislative term. They concern the following five major areas: Personal data protection, Passenger name records, Finance Tracking Program, Anti-Counterfeiting Trade Agreement (ACTA) and NSA Surveillance Programme.

1. Personal data protection

The existing legal framework on personal data protection comprises the general Data Protection Directive 95/46/EC (that entered into force at the beginning of the digital era), Regulation (EC) No 45/2001 on processing of personal data by the EU institutions and bodies, and Framework Decision 2008/977/JHA on the protection of personal data in the context of criminal law enforcement. In January 2012, after the Lisbon Treaty gave the EU the explicit competence to legislate on the protection of individuals with regard to the processing of their personal data, the Commission proposed its reform package comprising a general data protection regulation to replace Directive 95/46/EC and a directive to replace Framework Decision 2008/977/JHA.

Parliament's committee on Civil Liberties, Justice and Home Affairs adopted its reports on the basis of 4 000 amendments (to the Regulation) and 768 amendments (to the Directive). Parliament adopted a position at first reading in March 2014. The strong points of Parliament's position as regards the Regulation are:

- a comprehensive approach to data protection, with a clear, single set of rules, which applies within and outside the Union;
- a clarification of the concepts used (personal data, informed consent, data protection by design and default) and a strengthening of individuals' rights (e.g. as regards inter alia the right of access or the right to object to data processing);
- a more precise definition of the rules concerning the processing of personal data relating to some sectors (health, employment and social security) or for some specific purposes (historical, statistical, scientific research or archives-related purposes);
- a clarification and a strengthening of the regime of sanctions;
- a better and consistent enforcement of data protection rules (strengthened role of the corporate data protection officers, setting up of a European Data Protection Board, unified framework for all Data Protection Authorities, creation of a one-stop shop mechanism);
- a strengthening of the criteria for assessing the adequacy of protection offered in a third country.

The proposed directive deals with the processing of personal data in the context of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties. Parliament's position on the Directive contains key elements such as:

- a clear definition of the data protection principles (the exceptions which have to be duly justified);
- the conditions to be complied with as regards the processing (e.g. lawful, fair, transparent and legitimate processing, and explicit purposes) and the transmission of personal data;
- the setting up of an evaluation mechanism and of a data protection impact assessment;
- a clear definition of profiling;
- a strengthening of the regime for transferring personal data to third countries;
- a clarification of the monitoring and enforcement powers of the Data Protection Authorities;
- a new article on genetic data.

2. Passenger Name Records Agreements

Passenger Name Records are sets of data compiled by airlines, including information on the booking, frequent traveller information and accompanying passengers. The legality of the first PNR agreements, concluded with the United States after the September 2001 attacks, was challenged by Parliament before the Court of Justice in Luxembourg, which followed Parliament's position and struck down the corresponding acts of 2006. A new agreement was signed in 2007, but in May 2010, Parliament decided to postpone its vote on the Council's request for consent given its concerns about the level of data protection in the US and requested a renegotiation on the basis of a number of criteria. In September 2010, the Commission defined a global approach to the transfer of PNR data to third countries and supported Parliament's request for renegotiation. In December 2010, the Council authorised the Commission to negotiate new PNR agreements with three countries: the US, Australia and Canada. Parliament gave its consent to the conclusion of the new PNR Agreements with the US and Australia, whereas the Agreement with Canada was still in a preparatory phase (at the time this note was drafted).

It should be noted though that the new agreements faced criticism from some MEPs who tabled a minority opinion to the committee's recommendation for consent. They expressed continuing concerns in the plenary debate that the agreements did not meet the guarantees requested by Parliament in its previous resolutions, such as factual evidence supporting the claim that storage and processing of PNR is necessary and proportionate.

3. Finance Tracking Program

The Terrorist Finance Tracking Programme (TFTP) is an instrument introduced by the US in the aftermath of the 11 September 2001 attacks. It is designed to monitor the financial activities of suspected terrorists and relies on data obtained under subpoena from SWIFT (Society for Worldwide Interbank Financial Telecommunication), which handles transactions between financial institutions in most countries of the world, including Europe. Following concerns expressed, among others, by the European Parliament, a transatlantic dialogue was launched in 2007. An interim agreement between the EU and the United States, supported by the Council and the Commission and signed in November 2009, was rejected by Parliament since, in its view, it failed to correctly balance security and civil liberties. This was the first time that the Parliament exercised its new right under the Lisbon Treaty to veto an international agreement. As a consequence, the provisional application of the interim agreement was terminated.

The EU-US Financial Messaging Data Agreement was finally signed in June 2010 and, with the consent of the Parliament, formally concluded in July 2010, following the addition of further data protection provisions not in the rejected text. Parliament's concerns, however, again came to the fore in the context of the revelations about the NSA surveillance programme, which led Parliament to ask for a suspension of the agreement in October 2013.

It should be noted that, in February 2011, the Commission proposed a directive to allow the use of EU air passenger name record (PNR) data in investigating serious crime and terrorist offences. However, the proposal was rejected by Parliament's Civil Liberties Committee in April 2013 in a tight vote. Initially scheduled for a plenary vote in June 2013, the matter was referred back to the committee. As the full Parliament has not yet adopted its position, the legislative proposal is still under consideration.

4. Anti-Counterfeiting Trade Agreement

The Anti-Counterfeiting Trade Agreement (ACTA) was a draft agreement between the EU, its Member States and ten other countries, including the USA and Japan. It aimed to prevent trade in counterfeit physical and digital goods by enforcing the protection of intellectual property rights. ACTA was considered by some as touching upon, inter alia, privacy and protection of personal data. The agreement provoked protests in the streets and controversy in the Parliament where a majority of MEPs were of the opinion that the intended benefits of the agreement were outweighed by the potential threats to civil liberties, given the vagueness of certain aspects of the text and the uncertainty over its interpretation. As a result, Parliament declined to give its consent to the conclusion of the Agreement in July 2012.

5. The impact of the NSA Surveillance programme on fundamental rights and transatlantic cooperation in Justice and Home Affairs

The revelations since June 2013 on the NSA's Surveillance Programme raised serious concerns in civil society in Europe. Parliament voiced its concerns about the impact of such surveillance programmes on EU citizens' privacy first in a resolution adopted in July 2013, requesting its Civil Liberties Committee to look into the matter. It then requested the suspension of the TFTP programme as a result in October 2013. Between September 2013 and January 2014, the Committee organised 16 hearings with experts and, in October 2013, a delegation met in Washington with representatives of both the executive and the legislative branches in the US (academics, lawyers, security experts, business representatives). The preparatory work culminated in the adoption of a non-legislative report to which over 500 amendments were tabled in committee. The report was endorsed by an overwhelming majority in plenary in March 2014.

