Today (14 April), the European Parliament adopted a historic reform of EU data protection legislation, which will come into force in two years’ time. It promises to bring real EU-wide benefits, write Jan Philipp Albrecht, Marju Lauristin and Věra Jourová.
Jan Philipp Albrecht is vice-chair of the European Parliament Committee for Civil Liberties, Justice and Home Affairs, on which Marju Lauristin is also a member. Věra Jourová is European Commissioner for Justice, Consumers and Gender Equality.
It has been a long journey since January 2012 when the European Commission put forward its proposals. We have been working hard with national governments, Members of the European Parliament, businesses, academics and NGOs to design new rules that uphold the fundamental right to data protection guaranteed by the EU’s Charter of Fundamental Rights, bring benefits for citizens, businesses, and public administrations alike, and are future-proof and open to innovation. And by working together we have achieved a very good result.
The new General Data Protection Regulation will enable people to regain control of their personal data in the digital age. This means above all, having clearer and more understandable information on how our personal data is processed. We will also have the right to know when our data has been hacked. And it will be easier for people to transfer their personal data between service providers thanks to a new right to data portability.
The “right to be forgotten” will be clarified. Individuals already have the right, under certain conditions, to ask for example that search engines remove links leading to personal information about them. This right must be balanced against right to freedom of expression.
The economy will also greatly benefit from this reform, which is a key foundation of the Digital Single Market. The reform will reduce costs and increase legal certainty for businesses, with a single set of rules across Europe replacing 28 diverging national laws. There will be closer coordination between the data protection supervisory authorities within a European Data Protection Board. And European businesses will see a level playing field, as non-EU companies will have to apply the same rules as EU companies when offering services in the EU. The new rules are also fit for innovation, as they encourage privacy-friendly techniques such as pseudonymisation, encryption and data protection by design.
The second component of the reform is a directive on data protection rules for the police and criminal justice sector. These new rules come at a time when improved cooperation across Europe in the fight against terrorism and other serious crime is of utmost importance. The new directive will allow for smoother cooperation and exchange of information between member states’ police and judicial authorities based on a common standard of data protection. And the rules will ensure that personal data, for instance of victims or witnesses of crime, is properly protected and that no mass surveillance or indiscriminate bulk collection of citizens’ data is allowed.
What are the next steps? The new rules will apply in two years’ time, giving businesses and public authorities time to get ready. The European Commission will work closely with member states, the national data protection authorities and stakeholders to ensure the rules will be applied uniformly across the EU. And citizens must know what their rights are, and know how to stand up for their rights when they believe they are not respected. That’s why the EU will launch public awareness-raising campaigns about the new data protection rules.
The new rules will bring tangible benefits to all people and businesses across the EU. And they set a global standard on protecting fundamental rights in the digital age. This achievement is something Europe can be proud of.