EC to revise data protection legal framework in 2011

Strengthening the rights of citizens and protect their personal data while enhancing the single market dimension and facilitate the exchange of data between Member States are some of the goals set forth by the Commission in its data protection strategy presented on 4 November. The Commission intends to address the review of the current legislative framework and has launched a public consultation open until 15 January 2011.

The European Commission has highlighted that the current legal framework for data protection needs to be revised and adapted. Globalization and news technologies have raised a series of new challenges which make necessary, among others, the revision for Directive 95/46/EC on data protection, in order to fully ensure the effective protection of citizens' rights, as well as the use of full potential of single market.

For that reason, the Commission has put forward a strategy a strategy on how to protect individuals' data in all policy areas, including law enforcement, which will be the base for further debate and the later legal revision process. This Commission action includes the launch of a public consultation on the Commission's comprehensive approach on personal data protection in the European Union, which will be open to all interested parties until 15 January 2011.

From the “right to be forgotten” to the full potential of single market, Commission goals on data protection

Commission's strategy sets out proposals on how to modernise the EU framework for data protection rules through a series of key goals:

  • Strengthening individuals' rights so that the collection and use of personal data is limited to the minimum necessary. This goal is based on the need for clear information on how, why, by whom, and for how long data are collected and used, issues about informed consent as well as the "right to be forgotten" when data are no longer needed or the citizen wants them to be deleted.
  • Enhancing the Single Market dimension by reducing the administrative burden on companies and ensuring a true level-playing field. Current differences in implementing EU data protection rules and a lack of clarity about which country's rules apply harm the free flow of personal data within the EU and raise costs.
  • Revising data protection rules in the area of police and criminal justice so that individuals' personal data is also protected in these areas. Under the review, data retained for law enforcement purposes should also be covered by the new legislative framework. The Commission is also reviewing the 2006 Data Retention Directive, under which companies are required to store communication traffic data for a period of between six months and two years.
  • Ensuring high levels of protection for data transferred outside the EU by improving and streamlining procedures for international data transfers.
  • More effective enforcement of the rules, by strengthening and further harmonising the role and powers of Data Protection Authorities. Improved cooperation and coordination is also strongly needed to ensure a more consistent application of data protection rules across the Single Market.

This initiative follows up with the review of the current legal framework of data protection which began with a high-level conference on data protection in May 2009, and has been launched by DG Justice, Rights and Citizenship, with collaboration and support from DG responsible for European Digital Agenda.