EU data protection rules

The European Parliament's civil liberties committee today voted on legislation revising core EU rules on data protection (1). Green MEP and European Parliament draftsperson/rapporteur on the data protection regulation Jan Philipp Albrecht welcomed the outcome, stating:

"This evening's vote is a breakthrough for data protection in Europe and would overhaul EU rules, ensuring they are up to the task of the challenges in the digital age. This legislation introduces overarching EU rules on data protection, replacing the current patchwork of national laws, and a clear majority of MEPs has tonight voted to ensure it delivers a high level of protection for EU citizens.

"The EP now has a clear mandate to start negotiations with EU governments, with a view to finalising this crucial legislation as soon as possible. The ball is now in the court of member state governments to agree a position and start negotiations, so we can respond to citizens' interests and deliver an urgently needed update of EU data protection rules without delay. EU leaders should give a clear signal to this end at this week's summit.

"MEPs have voted to make clear that it is exclusively EU law that applies to EU citizens' private data online regardless of where the business processing their data has its seat: the data of EU citizens cannot be transferred to third parties without any legal basis in EU law. Today's vote would also ensure that citizens can truly exert control over their personal information online. Provisions on explicit consent would mean online users cannot be duped into signing control of their private data away but will have to be asked explicitly and regularly if they agree to their private data being processed. Provisions establishing 'right to erasure' would ensure that companies are made responsible for erasing the data of users who request this, and for ensuring this erasure is comprehensive and downstream, so long as this does not impinge on the right of freedom of information or expression of others. Crucially, MEPs have also ensured the rules have teeth: meaningful sanctions (up to 5% of turnover) should act as a real deterrent for companies to infringe EU law."

(1) The committee voted on the two legislative files (a regulation and a directive) revising existing EU legislation on data protection. Following the vote, MEPs approved a mandate to open trilogue negotiations with EU governments, with a view to reaching a final agreement on the legislation as soon as possible.