Stronger data protection rules for Europe

More than 90% of Europeans are concerned about mobile apps collecting their data without their consent. Today, an important step was taken to finalise EU data protection rules to help restore that confidence.

Ministers in the Council reached a General Approach on the new data protection rules, confirming the approach taken in the Commission’s proposal back in 2012 (see IP/12/46). The proposed rules received the backing of the European Parliament in March 2014 (MEMO/14/186).

How do EU data protection rules contribute to boosting the Digital Single Market?

Completing the Digital Single Market is one of the top priorities of the European Commission. The internet and digital technologies are transforming our world. But existing barriers online mean citizens miss out on goods and services, internet companies and start-ups have their horizons limited, and businesses and governments cannot fully benefit from digital tools.

With a fully functioning Digital Single Market, we can create up to €415 billion in additional growth, hundreds of thousands of new jobs, and a vibrant knowledge-based society (see IP/15/4919).

But if citizens do not trust online services, they will not benefit from all the opportunities presented by technology. Confidence is paramount, but it is still far from a reality.

Data protection reform will address this lack of trust. It will strengthen citizens’ rights such as the right to be forgotten, the right to data portability and the right to be informed of personal data breaches. The reform gives national regulators enforcement powers to ensure that these new rules are properly applied. They will be able to impose fines of up to 2% of a company’s annual worldwide turnover.

What are the main benefits of the EU Data Protection Reform?

The European Commission’s proposals for a comprehensive reform of the EU’s 1995 Data Protection Directive aim to strengthen privacy rights and boost Europe’s digital economy. The Commission’s proposals update and modernise the principles enshrined in the 1995 Directive, bringing them into the digital age and building on the high level of data protection which has been in place in Europe since 1995. A clear definition of personal data will be established in the regulation to ensure harmonised implementation of the rules across the EU. The legislation is technologically neutral: this means that it will not go out of date, enabling innovation to continue to thrive under the new rules.

What are the main benefits for citizens?

The data protection reform will strengthen citizens’ rights and thereby help restore trust. Nine out of ten Europeans say they are concerned about mobile apps collecting their data without their consent; seven out of ten are concerned about the potential use that companies may make of the information disclosed.

The new rules will put citizens back in control of their data, notably through:

  • A right to be forgotten: When you no longer want your data to be processed, and provided that there are no legitimate grounds for retaining it, the data will be deleted. This is about empowering individuals, not about erasing past events or restricting freedom of the press (see section on right to be forgotten for more details).
  • Easier access to your own data: Individuals will have more information on how their data is processed and this information should be available in a clear and understandable way. Moreover, a right to data portability will make it easier for you to transfer your personal data between service providers.
  • The right to know when your data has been hacked: For example, companies and organisations must notify the national supervisory authority of serious data breaches as soon as possible (if feasible within 24 hours) so that users can take appropriate measures.
  • Data protection first, not an afterthought: ‘Data protection by design’ and ‘Data protection by default’ will also become essential principles in EU data protection rules – this means that data protection safeguards should be built into products and services from the earliest stage of development, and that privacy-friendly default settings should be the norm – for example on social networks or mobile apps.

What are the benefits for businesses?

Data is the currency of today’s digital economy. Collected, analysed and moved across the globe, personal data has acquired enormous economic significance. According to some estimates, the value of European citizens’ personal data has the potential to grow to nearly €1 trillion annually by 2020. Strengthening Europe’s high standards of data protection is a business opportunity.

The European Commission’s data protection reform will help the digital single market realise this potential, notably through four main innovations:

  • One continent, one law: The Regulation will establish a single, pan-European law for data protection, replacing the current inconsistent patchwork of national laws. Companies will deal with one law, not 28. The benefits are estimated at €2.3 billion per year.
  • One-stop-shop: The Regulation will establish a ‘one-stop-shop’ for businesses: companies will only have to deal with one single supervisory authority, not 28, making it simpler and cheaper for companies to do business in the EU; and easier, swifter and more efficient for citizens to get their personal data protected.
  • The same rules for all companies – regardless of where they are established: Today European companies have to adhere to stricter standards than companies established outside the EU but also doing business on our Single Market. With the reform, companies based outside of Europe will have to apply the same rules. We are creating a level playing field. Moreover, rules for international transfers of data are streamlined, through simplified approval of binding corporate rules. This will foster international trade while ensuring continuity of protection for personal data.
  • European regulators will be equipped with strong enforcement powers: data protection authorities will be able to fine companies who do not comply with EU rules up to 2% of their global annual turnover. The European Parliament has even proposed to raise the possible sanctions to 5%.