The European Commission today published a new set of proposals tailored to provide added protection and privacy for users. The EU's proposal for a comprehensive reform of data protection rules would increase users' control of their data and cut costs for businesses. The Commission is suggesting that the EU do away with the previous data protection rules, implemented in 1995, and instead replace them with a single law. The would eliminate the fragmentation that has come as a result of the 27 EU member states implementing the 1995 rules in different ways, as well as cut down on the costly administrative burdens placed on businesses trying to keep up.
"Seventeen years ago less than 1% of Europeans used the internet. Today, vast amounts of personal data are transferred and exchanged, across continents and around the globe in fractions of seconds," said EU Justice Commissioner Viviane Reding. "The protection of personal data is a fundamental right for all Europeans, but citizens do not always feel in full control of their personal data. My proposals will help build trust in online services because people will be better informed about their rights and in more control of their information. The reform will accomplish this while making life easier and less costly for businesses.A strong, clear and uniform legal framework at EU level will help to unleash the potential of the Digital Single Market and foster economic growth, innovation and job creation."
The proposal includes several key changes, chief among them 'the right to be forgotten.' This will mean people will be able to delete their data if there is no legitimate grounds for a service to retain it. What's more, companies can be fined up to 2 percent of their global annual turnover if they violate the rules.
The Commission's proposals will next be passed to the European Parliament and EU Member States for discussion and will take effect two years after they have been adopted.
Here are the key changes in the reform proposals, as listed by the European Commission:
- A single set of rules on data protection, valid across the EU. Unnecessary administrative requirements, such as notification requirements for companies, will be removed. This will save businesses around €2.3 billion a year.
- Instead of the current obligation of all companies to notify all data protection activities to data protection supervisors – a requirement that has led to unnecessary paperwork and costs businesses €130 million per year, the Regulation provides for increased responsibility and accountability for those processing personal data.
- For example, companies and organisations must notify the national supervisory authority of serious data breaches as soon as possible (if feasible within 24 hours).
- Organisations will only have to deal with a single national data protection authority in the EU country where they have their main establishment. Likewise, people can refer to the data protection authority in their country, even when their data is processed by a company based outside the EU. Wherever consent is required for data to be processed, it is clarified that it has to be given explicitly, rather than assumed.
- People will have easier access to their own data and be able to transfer personal data from one service provider to another more easily (right to data portability). This will improve competition among services.
- A ‘right to be forgotten’ will help people better manage data protection risks online: people will be able to delete their data if there are no legitimate grounds for retaining it.
- EU rules must apply if personal data is handled abroad by companies that are active in the EU market and offer their services to EU citizens.
- Independent national data protection authorities will be strengthened so they can better enforce the EU rules at home. They will be empowered to fine companies that violate EU data protection rules. This can lead to penalties of up to €1 million or up to 2% of the global annual turnover of a company.
- A new Directive will apply general data protection principles and rulesfor police and judicial cooperation in criminal matters. The rules will apply to both domestic and cross-border transfers of data.
Stay on the Cutting Edge
Join the experts who read Tom's Hardware for the inside track on enthusiast PC tech news — and have for over 25 years. We'll send breaking news and in-depth reviews of CPUs, GPUs, AI, maker hardware and more straight to your inbox.
Why, for the love of god, do these regulations regard mostly companies and not us people?! Did the EU forget who is paying them their bloody wages?Reply
tommo1982Why, for the love of god, do these regulations regard mostly companies and not us people?! Did the EU forget who is paying them their bloody wages?Reply
but it was the corporate powers that got them elected / appointed
These guys know NOTHING!
"Security and privacy" is almost solely dependent on the user...
Yea, sure, the OS/Web Browser has a big impact on alot of hacks, but what is to stop a person that doesn't know better?
I hope the wording in the laws is a lot more precise than in those bullet points.Reply
People will have easier access to their own data and be able to transfer personal data from one service provider to another more easily (right to data portability). This will improve competition among services.That's a marketing point, not a law.
Now, I understand that these bullet points are likely to just be a summary of (hopefully) more precise legislation, but the sixth point is particularly awesome:Reply
"A ‘right to be forgotten’ will help people better manage data protection risks online: people will be able to delete their data if there are no legitimate grounds for retaining it."
Now, if only we can get facebook to be compliant.
Oh boy, a 1 million Euro fine? Why does this strike me as an attempt to water down what's already there?Reply
How about the right to privacy? So that people can't just look you up and find your address and phone number through those sites that just inventory public records. Unless you specifically give those sites permission to make those records available. This is also a safety concern from someone trying to escape someone abusive or dangerous.Reply
Better yet there should be no public records of private individuals. Everything should require a court order or the persons written and notarized consent to be viewed.
Some of the ideas seem good such as data portability. If that means easily transfer your e-mail from one ISP to another or provider to another. Though I don't think that is feasible unless each person gets their own domain so that MX Entries can be transferred between hosts.
"How about the right to privacy?"Reply
This is already part of EU law.
"EU rules must apply if personal data is handled abroad by companies that are active in the EU market and offer their services to EU citizens. "Reply
Isn't this more like the Consulate General's or Embassy Rules which are there for every country physically?