EC starts reform of data protection regulations

The European Commission has proposed a major reform of data protection regulations, aiming to save businesses money and boost consumer confidence online. The current directive from 1995 has proven burdensome for businesses operating online and across borders, while the growing amount of personal data used online has raised security concerns. The EC proposed a new regulation setting out a general EU framework for data protection, simplifying and consolidating the current patchwork of rules across states, and a new directive covering the use of personal data for law enforcement activities. Notably the rules will apply not only to businesses and individuals in the EU, but also to those based outside the EU and delivering services in the region. Under the proposal, businesses will no longer need to notify all data protection activities to data protection supervisors and instead be required to notify only serious data violations to national regulators (within 24 hours if feasible). They will also be allowed to deal with only the regulator in the country where they are established, even for activities elsewhere in the EU or data handled by companies outside the EU. National regulators will receive increased powers, including the ability to issue fines of up to EUR 1 million or 2 percent of annual turnover. Consumers will receive increased rights of data portability to new service providers and the 'right to be forgotten', or have their data deleted by service providers when no longer needed. The EC has already held a public consultation on the issue and the proposals will now go to the Parliament and Council for consideration. Once adopted, member states will have two years to implement the changes.