EU ministers agree compromise on data protection regulation

News General Europe 15 JUN 2015
EU ministers agree compromise on data protection regulation

EU ministers have reached an agreement on reforming data protection regulations, opening the way for negotiations with the European Parliament on the final legislation. Designed to replace the existing data protection directive from 1995, the new law aims to give consumers greater control over how their personal data is used, especially online. It includes stricter provisions on explaining how data is collected and used, the 'right to be forgotten' when the data is no longer used, a right to port personal data between competing services such as social networks, limitations on automatic profiling to obtain personal details from basic data, and requirements to disclose any data security breaches to regulators and individuals. 

The proposal also extends EU regulations to businesses based outside the region and handling data on EU residents. The law upholds the 'safe harbour' system for transferring data on EU subjects to non-EU countries. These countries must show they offer sufficient personal data protection in order to receive the 'safe harbour' status, to be determined by the European Commission in cooperation with member states and Parliament. The Parliament had called for stricter protections for international transfers, with approval by national regulators and informing the subject required in certain cases. 

EU justice and home affairs ministers scaled back the original proposal to allow international companies to choose a 'one-stop shop' privacy regulator in the EU country of their choice. Instead, the one-stop mechanism will apply only in supervisory decisions on important transnational cases involving several national regulators. International data collectors will also be able to agree compliance mechanisms with regulators based on their assessed level of risk. 

Data subjects will be allowed to file complaints with national regulations over suspected violations of the law, and appeal any regulator decisions in their own country, regardless of where the regulator is based. The EU ministers also endorsed the EC's proposal for higher fines for violators, of up to EUR 1 million or 2 percent of global turnover. This is less than the EUR 100 million or 5 percent passed by Parliament. 

The council's text notably allows a considerable amount of flexibility for member states in implementing several parts of the regulations, particularly in areas involving the handling of personal data for law enforcement purposes. It also inserts a clause noting that data protection is not an absolute right, and must be subject to the principle of proportionately as elsewhere in EU law. 

The first so-called trilogue meeting, between the European Commission, Council and Parliament on a final text is scheduled for 24 June. 

Categories:

General

Regions:

Europe

Tags:

Data services, Messaging, Security, Hosting - cloud - data centres, Regulations, Advertising services, Legislation - Lawsuits

Related Articles

GLOBAL 1 FEB 2016

US, EU close to reaching safe harbour agreement

The US and EU are facing a deadline of 2 February to reach agreement on new 'safe harbour' data-privacy protection rules, the Wall Street Journal reports. Both parties said they hoped to get a deal in time, but some issues were still unresolved, such as the EU seeking more clarity on the transparency of oversight of data transfers.

EUROPE 19 JAN 2016

Only 18% of Europeans trust operators on personal data

Less than a third (32 percent) of Europeans believe there are advantages to big data, according to a study conducted by TNS Infratest on behalf of the Vodafone Institute. The survey of 8,000 respondents in eight European countries revealed that even fewer digital users – 26 percent – thought companies respected the privacy of their personal data, with only 29 percent feeling they had control over what information is collected about them. In terms of the types of companies that Europeans trust to correctly h

EUROPE 16 DEC 2015

EU reaches compromise on data protection directive

The European Council and Parliament have reached a compromise agreement on the new data protection directive, following three years of debate. Designed to replace the existing data protection directive from 1995, the new law aims to give consumers greater control over how their personal data is used, especially online. It also extends EU regulations to businesses based outside the region and handling data on EU residents. The legislation includes the General Data Protection Regulation, covering personal dat

UNITED STATES 21 OKT 2015

US House passes bill giving EU citizens judicial redress

The US House of Representatives has passed a bill making it possible for non-EU citizens to seeks judicial redress in the US. The inability of non-US citizens to seek legal recourse in US courts for alleged violations of their rights was one of the main reasons for the EU Court of Justice to strike down earlier this month the 'safe harbour' agreement on the transfer of personal data to the US by companies operating in the EU. The Consumer Electronics Association welcomed the decision by Congress, saying the

EUROPE 6 OKT 2015

EU-US 'safe harbour' data transfers declared invalid

The European Court of Justice (ECJ) has ruled that the 'safe harbour' agreement on data transfers between the EU and US is invalid, casting doubt on the extent to which US tech giants such as Facebook, Google and Apple can continue to collect data from their users in the EU. The ECJ's ruling upholds the opinion of its advocate-general Yves Bot, who last month said the 'safe harbour' deal should be invalidated "because the surveillance carried out by the US is mass, indiscriminate surveillance," leaving the

EUROPE 30 SEP 2015

EU Court to issue 'safe harbour' decision on 06 October

The European Court of Justice (ECJ) has announced that it will release its decision in the 'safe harbour' case on 06 October, less than a couple of weeks after the ECJ's advocate-general published a non-binding recommendation that the long-standing agreement on data transfer between the EU and US should be invalidated. The decision to expedite the announcement of the ECJ's final judgment suggests the court is aware of the importance of the ruling for a large number of companies who rely on 'safe harbour' fo

UNITED STATES 10 SEP 2015

Foreign warrants accepted for US-based customer data - DoJ

An attorney from the US Department of Justice told a Manahttan court of appeal that foreign governments can obtain customer data stored in the US, in the same way US authorities should be able to access e-mails stored by Microsoft in Dublin. Microsoft is fighting a US order to turn over the data, arguing that it must come from Irish authorities instead. The lawyer, Justin Anderson, said US law requires Microsoft to give law enforcement agencies access to the communications of suspects, in this case for drug

EUROPE 7 AUG 2015

EU security directive to include digital services - report

The latest proposal for the EU's Network and Information Security Directive would see digital services providers also covered by its security reporting obligations, according to a document seen by Reuters. Members of the European Parliament want the law to only cover sectors they consider critical, such as energy, transport and finance. But after months of negotiations, digital platforms will now fall under the law's remit, albeit with less onerous security obligations, according to the document, which did

EUROPE 19 JUN 2015

EU regulators find 'right to be forgotten' system working

The EU system put in place to enforce the 'right to be forgotten' online is working well, according to an assessment by the so-called Article 29 Working Party of national privacy regulators. Last May the EU Court of Justice ordered Google to remove personal information from its search engine results under certain conditions when this no longer has a public interest and could infringe an individual's right to privacy. In November 2014, the Article 29 group issued guidelines for national regulators on impleme

EUROPE 25 JUN 2014

US to extend privacy judicial redress to Europeans

The US government said it will look at extending judicial redress in the US for privacy violations to EU citizens. US Attorney General Eric Holder made the announcement at a joint meeting of the EU and US Justice and Home Affairs ministers, according to a statement from EU Justice Commissioner Viviane Reding. This would mean the US Privacy Act would apply to EU citizens and not just Americans, allowing Europeans subject to privacy violations by US companies or public bodies to seek redress in US courts. Red

EUROPE 13 MEI 2014

EU Court upholds right to be forgotten in Google search

The EU Court of Justice has upheld the right of individuals to request Google remove personal information about them from its search results. The court found that the EU's privacy directive entails the right to be 'forgotten' if personal information becomes "inadequate, irrelevant or no longer relevant, or excessive in relation to the purposes for which they were processed and in the light of the time that has elapsed". Only an overriding public interest could justify leaving the information online. The cas

EUROPE 12 MRT 2014

EU Parliament approves tougher data protection regulation

The European Parliament has adopted a draft regulation preparing the way for stronger personal data protection in the EU. The text approved by the plenary session on first reading was identical to that passed by the Parliament's Committee on Civil Liberties, Justice and Home Affairs last October. The Parliament said in a statement that the aim was to consolidate the work so far on reforming data protection, so that the new Parliament taking office after elections in May does not need to start from scratch.

EUROPE 12 MRT 2014

European Parliament calls for suspension of US data-sharing

The European Parliament has called for a suspension of agreements with the US on sharing of private data in response to the revelations of wide-scale communications surveillance by US National Security Agency. The resolution passed by MEPs also threatens to suspend EU talks on a bilateral trade deal with the mass surveillance does not stop immediately. The resolution, passed by in a vote of 588 for, 78 against and 60 abstentions, follows a six-month inquiry into the NSA allegations revealed by former govern

Just In

19 DEC 16:42

SLT-Mobitel launches 5G network in Sri Lanka

19 DEC 16:19

Dialog Axiata launches 5G network, connects 1.5 million subscribers

19 DEC 15:56

UK govt to ban AI-enabled nudification apps to protect women, girls

19 DEC 15:42

3 UK launches last-minute Christmas sale

Commentary

13:56

Video market set for slower growth ahead

11:38

Netflix buys Warner Bros to deepen content catalogue

11:11

KPN's mixed performance in Q3 raises questions for strategy day

15:26

Stock markets breaking records but what happened to Odido's IPO plans?

Background

01:04

The week in telecom: Wi-Fi bolt-ons take off to boost broadband growth, video market works on consolidation

01:39

The week in telecom: Netflix wins bidding for Warner Bros, Apple poaches new execs, Samsung debuts trifold

13:51

Proximus vs. Telenet: Proximus performs better in Q3 while Telenet uses up cash

14:16

Proximus Domestic still struggling with low margins

Complete profile

Before downloading the whitepaper, we would like to ask you to complete your profile with company and position. After confirming you will receive the white paper.