Data protection tops the Commission’s agenda


The Passenger Name Records agreement between the EU and the USA was criticised as a step in the wrong direction for European data protection. [greensefa/Flickr]

The ever-expanding flow of information, cloud computing and powerful search engines all come with the risk that personal data may fall into the wrong hands. A legislative package to improve the protection of European Union citizens’ private data has been expected since 2011, but was delayed by the European Elections in May. reports.

The legislation currently in place dates from 1995, when the Internet held only around 1% of the data it now contains. This package contains a general regulation on data protection, and a directive that will be written into law in the 28 member states.

Cybercrime poses a serious threat to the confidentiality of personal data stored online. In 2013, 100 million individuals were victims of identity theft.

The EU hopes that the legislative package, which has always had the complete support of the European Parliament, will be adopted in 2015. Paul Nemitz, a director in the European Commission’s DG Justice, says that if the political will exists, the Council will adopt the package.

>> Read: National parliaments raise the pressure on data protection

Ministers from the 28 member states came to an agreement on the territorial scope of the future legislation and the rules governing the transfer of personal data to third countries or international organisations at the Council of the European Union on 5 and 6 June 2014. They also opened the discussion on the one-stop shop mechanism, a concept that would address the need for greater coherence within the EU on questions of personal data protection. This subject is a priority of the Italian Presidency of the Council of the European Union.

“This reform will pave the way for a digital age with a fair competitive environment for European SMEs,” Paul Nemitz explained.

The European Commission hardens its stance towards the United States

The future Commissioner for the Digital Single Market, Andrus Ansip, identified data protection as a top priority during his European Parliament hearing, and emphasised the importance of the rapid implementation of the data protection directive.

>> Read: Ansip threatens to suspend Safe Harbour data agreement with US

The Commission has called for a revision of the Safe Harbour security agreement with the United States. The institution has drafted 13 recommendations for data protection in businesses, in response to the Snowden affair, aimed at reducing loopholes in security. “Safe Harbour is in danger if the recommendations are not followed,” Paul Nemitz explained. Andrus Ansip also said he would not rule out suspending the security agreement with the United States.

The future President of the European Commission, Jean-Claude Juncker, has also been very clear on this point. He has stated that data protection is a non-negotiable issue, saying “I will not sacrifice Europe’s safety, health, social and data protection standards on the altar of free trade.”

>> Read: Reding warns data protection could derail US trade talks

In his priorities document, Juncker also indicated that he expects guarantees from the United States, in order to rebuild the confidence in transatlantic relations that was so damaged by the Snowden affair. The EU wants the United States to guarantee that European citizens will have their data protection rights upheld in the American courts. 

The problem of mass data harvesting

The question of the selection, use and storage of large quantities of data by “big data” companies could pose significant problems, according to Mr Nemitz.

>> Read: Embrace big data to educate Europe

The European Commission believes that big data could bring great advantages in domains such as economics, natural sciences and the environment. Their concern is to optimise the advantages of big data, whilst protecting citizens’ right to a private life.

The existing European rules on data protection were adopted in 1995, when the internet was still in its infancy.

In January 2012, the European Commission published a vast legislative package aimed at replacing the existing rules and giving greater protection to personal data across the EU.

The package includes two legislative proposals: one general regulation on data protection (directly applicable in all the member states) and one directive specifically aimed at data protection in the police and the justice systems (to be transposed into national law).

  • 2015: target date for adoption of legislative package 

Subscribe to our newsletters