In a press release, the European Commission has “set out a strategy on how to protect individuals’ data in all policy areas, including law enforcement, while reducing red tape for business and guaranteeing the free circulation of data within the EU.” The EC says that people are facing myriad questions today concerning data privacy: What happens to your personal data when you board a plane, open a bank account, or share photos online? How is this data used and by whom? How do you permanently delete profile information on social networking websites? Can you transfer your contacts and photos to another service?
“The protection of personal data is a fundamental right,” said Vice-President Viviane Reding, EU Commissioner for Justice, Fundamental Rights and Citizenship. “To guarantee this right, we need clear and consistent data protection rules. We also need to bring our laws up to date with the challenges raised by new technologies and globalisation.”
Therefore, the EC has begun a policy review, which will be combined with the results of a public consultation to revise the EUâ€™s 1995 Data Protection Directive.Â The deadline for public comment on the review’s proposals is January 15, 2011. Submissions can be made at the public consultation web site: http://ec.europa.eu/justice/news/consulting_public/news_consulting_0006_en.htm.
Proposed legislation based on the review and public comment is expected in 2011. The Commission also released an FAQ.
The Commission has set out “proposals on how to modernise the EU framework for data protection rules through a series of key goals.”
- Strengthening individuals’ rights so that the collection and use of personal data is limited to the minimum necessary. Individuals should also be clearly informed in a transparent way on how, why, by whom, and for how long their data is collected and used. People should be able to give their informed consent to the processing of their personal data, for example when surfing online, and should have the “right to be forgotten” when their data is no longer needed or they want their data to be deleted.
- Enhancing the Single Market dimension by reducing the administrative burden on companies and ensuring a true level-playing field. Current differences in implementing EU data protection rules and a lack of clarity about which country’s rules apply harm the free flow of personal data within the EU and raise costs.
- Revising data protection rules in the area of police and criminal justice so that individuals’ personal data is also protected in these areas. Under the Lisbon Treaty, the EU now has the possibility to lay down comprehensive and coherent rules on data protection for all sectors, including police and criminal justice. Naturally, the specificities and needs of these sectors will be taken into account. Under the review, data retained for law enforcement purposes should also be covered by the new legislative framework. The Commission is also reviewing the 2006 Data Retention Directive, under which companies are required to store communication traffic data for a period of between six months and two years.
- Ensuring high levels of protection for data transferred outside the EU by improving and streamlining procedures for international data transfers. The EU should strive for the same levels of protection in cooperation with third countries and promote high standards for data protection at a global level.
- More effective enforcement of the rules, by strengthening and further harmonising the role and powers of Data Protection Authorities. Improved cooperation and coordination is also strongly needed to ensure a more consistent application of data protection rules across the Single Market.