MEPs push for stronger data protection by EU institutions and agencies
All EU institutions, bodies and agencies should live up to strong data protection safeguards when processing personal data
Civil Liberties MEPs on Thursday passed amendments to new EU rules on the processing of personal data by the EU institutions. This update of the existing law from 2001 will strengthen and modernise the rules by bringing them into line with the General Data Protection Regulation adopted in 2016.
MEPs underlined that the new rules should cover not only the EU institutions, but also bodies, offices and agencies to ensure a strong and coherent framework for data processing throughout the EU. In particular, they should end the fragmentation of the rules for processing by the EU’s agencies, including agencies in the law enforcement sector.
To this end, MEPs included a specific set of rules for processing of law enforcement data that is in line with the directive on data transfers for policing and judicial purposes (adopted at the same time as the General Data Protection Regulation) and current rules used by Europol.
To further strengthen transparency, MEPs want all Union institutions and bodies to establish their own central register of their data processing and make the register publicly accessible. They also set clear provisions to limit the use of the data processed, minimise data stored, and specifying that inaccurate data should be erased or rectified without delay, in line with the General Data Protection Regulation.
MEPs stress that the Commission should be obliged to consult the European Data Protection Supervisor when preparing new legislative proposals. They also support that the European Data Protection Supervisor should be able to fine EU institutions, bodies or agencies that do not live up to the data protection rules.
Quote
Parliament’s lead MEP on the file Cornelia Ernst (GUE, DE) said: "Most importantly we want a single unified framework for processing of personal data by EU institutions, bodies and agencies to ensure not only a high level of data protection, but also clarity for the individuals whose data are being processed”.
Next steps
The Civil Liberties Committee passed the amendments to the new regulation by 45 votes to 7, with 6 abstentions. MEPs also voted to open up talks with the Council. The decision will now be put to the Plenary in October II for confirmation.
Quick facts
The right to the protection of personal data also applies to the processing of personal data by EU institutions, bodies, offices and agencies. The main rules on data protection are laid down in a regulation from 2001. The new law will update these existing rules and bring them into line with the more stringent principles of the General Data Protection Regulation which will become applicable on 25 May 2018.