One year ago, ahead of the European Data Protection Day 2012, the European Commission proposed a root and branch reform of the EU’s data protection rules to make them fit for the 21st century (IP/12/46). One year later, considerable headway has been made and negotiations on the new rules are progressing at full speed.
The reasons are clear: To flourish, the digital economy needs trust. Many people are not confident about giving out their personal data online. This means they are less likely to use online services and other technologies. Strong, reliable, consistently applied rules will make data processing safer, cheaper and strengthen people’s confidence. Confidence in turn drives growth. Some estimates show that EU GDP could grow by a further 4% by 2020 if the EU takes the necessary steps to create a modern digital single market.
"We live in a digital world in which personal data has enormous economic value. Already, a person's location patterns can be captured and tracked. Soon, sensors will tell phones whether their users are alone or in a crowd," said Vice-President Viviane Reding, the EU’s Justice Commissioner. "European businesses need to take advantage of this new computing and information-sharing landscape and European consumers need to be able to navigate safely though the digital age. A uniform and modern data protection law for the European Union is exactly what we need to secure trust and generate growth in the digital single market. I am working very hard to make sure that by next year's Data Protection Day this reform will be in the statute book."
On 26 October 2012 (SPEECH/12/764) and 18 January 2013 (SPEECH/13/29), European justice ministers held detailed discussions on the reform proposals, including the right to be forgotten, fines for organisations which mishandle personal data and the costs and benefits of the new rules for businesses. Meanwhile, on 8 January 2013, the European Commission welcomed the support for strong EU data protection rules expressed in the draft reports by the European Parliament on the reform proposals (MEMO/13/4). Both the European Parliament and ministers meeting in the Council of the EU will continue their discussions over the coming months under the Irish Presidency of the EU.
In the digital age, the collection and storage of personal information are essential. Data is used by all businesses – from insurance firms and banks to social media sites and search engines. In a globalised world, the transfer of data to third countries has become an important factor in daily life. There are no borders online and cloud computing means data may be sent from Berlin to be processed in Boston and stored in Bangalore.
74% of Europeans think that disclosing personal data is increasingly part of modern life, but at the same time, 72% of Internet users are worried that they give away too much personal data. They feel they are not in complete control of their data. Fading trust in online services and tools holds back the growth of the digital economy and Europe's digital single market.
On 25 January 2012 the European Commission proposed a comprehensive reform of the EU's 1995 data protection rules to strengthen online privacy rights and boost Europe's digital economy. The Commission's proposals update and modernise the principles enshrined in the 1995 Data Protection Directive to bring them into the digital age. They include a proposal for a Regulation setting out a general EU framework for data protection and a proposal for a Directive on protecting personal data processed for the purposes of prevention, detection, investigation or prosecution of criminal offences and related judicial activities (IP/12/46).
The Commission proposals follow up on the European Parliament report by Axel Voss (MEMO/11/489) which called on the Commission to reform European data protection rules.
A European Parliament vote is expected around the end of April. The Irish Presidency of the EU which for the next six months will chair and steer the Council meetings has made data protection a priority and is working hard to achieve a political agreement on the data protection reform by the end of the Irish Presidency (June 2013).