European Commission Announces Strategy for Revising EU Data Protection Rules

Earlier today, the European Commission released documents setting out the road map for revision of the European data protection rules, including the EU Data Protection Directive 95/46/EC. The strategy is based on the Commission’s position that an individual’s ability to control his or her information, have access to the information, and modify or delete the information are “essential rights that have to be guaranteed in today’s digital world.” The Commission set out a strategy on how to protect personal data while reducing barriers for businesses and ensuring free flow of personal data within the European Union.

The goal in revising EU data protection rules (which also apply to members of the European Economic Area) is to facilitate the establishment of clear and consistent data protection requirements as well as to modernize Europe’s data protection laws to meet the challenges raised by new technologies (e.g., behavioral tracking) and globalization. Europe's data protection laws are currently based in large part on the 1995 EU Data Protection Directive.

The Commission’s announcement comes on the heels of the Data Protection Commissioners Conference in Jerusalem, during which many participants highlighted the need to bring data protection legislation up to date, and raised concerns about inconsistent and complex data protection requirements in various countries (including among EU member states).

The Commission’s strategy to revise data protection rules is based on the goals of:

  • Limiting the collection and use of personal data to the minimum necessary;
  • Transparency as to how, why, by whom and for how long personal data is collected and used;
  • Informed consent;
  • Right to be forgotten;
  • Reducing administrative compliance burdens on businesses;
  • Uniform implementation of data protection rules in EU member states;
  • Improving and streamlining procedures for data transfers outside the EU;
  • Cooperation with countries outside the EU and promotion of high standards of data protection at a global level;
  • Strengthening enforcement of data protection rules by harmonizing the role and power of national data protection authorities;
  • Facilitating consistent enforcement of data protection laws across the EU; and
  • Implementing coherent rules for the protection of personal data in the fields of police and criminal justice.

Notably, many of these goals were announced at the Jerusalem conference.

The Commission’s review will serve as the basis for further discussions of data protection rules and, ultimately, new legislation, which the Commission expects to propose in 2011.

Please see the Commission’s press release, FAQs, and the strategy document for more details. The Commission is encouraging organizations and individuals to submit comments.

Stay tuned for more about the proposed revisions.