The European Commission has proposed a reform of European data protection rules in order to strengthen online privacy rights, as the current EU data protection legislation from 1995 does not take into account the technological progress of recent years.
Technological developments have altered the ways in which data is collected and used, thus rendering the current data protection legislation obsolete, says the European Commission.
Consequently, in May 2009 the Commission launched a review of the current legal framework for data protection, proposing in January 2012 a reform of the 1995 legislation. A single set of rules on data protection is to be introduced that will be valid across the European Union.
Explicit consent, right to be forgotten and data portability
The single set of rules introduces the obligation of obtaining explicit user consent for the processing of user data, instead of the merely assuming that consent was given.
An especially important element of the new rules is also the introduction of the ‘right to be forgotten’. People will now be able to delete their data if there are no legitimate grounds for retaining it, forcing entities like Google and Facebook to completely erase user information from their servers.
“These rules are particularly aimed at young people as they are not always as aware as they could be about the consequence of putting photos and other information on social network websites, or about the various privacy settings available”, said a spokesman for the Justice Commissioner Viviane Reding.
In addition, the new rules will also introduce the ‘right to data portability’. People will now be able to transfer personal data from one service provider to another more easily, enabling competition among services.
Rules to apply for all companies active in the EU
The new European data protection rules will apply for all companies that are active in the EU market, whether or not they are actually based in the EU.
Independent national data protection authorities will be strengthened so they can better enforce the EU rules at home and will have the power to impose severe fines for breaches of data protection.
In addition a new Directive will apply general data protection principles and rules for police and judicial cooperation in criminal matters.
The proposals will be passed on to the European Parliament and EU Member States for discussion. They will take effect two years after they have been adopted.