EU strikes deal to implement new data protection rules

16 Dec 2015

The EC and the EP have reached agreement on new data protection rules, which will have a major impact on the Digital Single Market

The European Council and the European Parliament have reached agreement on new data protection rules, which will have a major impact on the future of the Digital Single Market.

The EU Data Reform, originally tabled in 2012, contains a raft of data protection measures aimed at protecting Europeans in the digital age.

The Reform consists of two instruments: the General Data Protection Regulation, which will enable people to better control their personal data and make new rules surrounding businesses’ uses of data; and the Data Protection Directive for the police and criminal justice sector, which aims to ensure that the data of victims, witnesses, and suspects of crimes, is duly protected, and also allows for more cross-border cooperation.

Despite proposed earlier wording of the document leading to speculation that under-16s would require parental consent to use social networks, the new rules did not go that far in the end, with the Regulation stating that children under-13 will require parental consent when it comes to the processing of their data online – therefore essentially changing little for social networks like Facebook.

“The processing of personal data of a child below the age of 13 years shall only be lawful if and to the extent that consent is given or authorised by the child’s parent or custodian,” according to the regulation.

Trust is the watchword of Europe’s digital economy

More than 90pc of Europeans say they want the same data protection rights across the EU and these reformed rules take us somewhat closer to that.

“These new pan-European rules are good for citizens and good for businesses,” said Věra Jourová, Commissioner for Justice, Consumers and Gender Equality.

“Citizens and businesses will profit from clear rules that are fit for the digital age, that give strong protection and at the same time create opportunities and encourage innovation in a European Digital Single Market. And harmonised data protection rules for police and criminal justice authorities will ease law enforcement cooperation between member states based on mutual trust, contributing to the European Agenda for Security.”

The proposed reforms also aim to ensure people have more control over their own personal data.

Two-thirds of Europeans are concerned about not having complete control over the information they provide to internet companies. The recent ruling in the European Court of Justice making Safe Harbour agreements to facilitate the shuffling of Europeans’ data across the Atlantic to the US invalid pretty much sums up this sentiment.

The new data protection rules will ensure that individuals will have more information on how their data is processed and make it easier to transfer personal data between service providers.

The Regulation also enshrines the controversial “right to be forgotten” where consumers can request that internet giants delete their data when there is no longer legitimate grounds for retaining it.

Businesses will have to appoint data protection officers

The rules also make it compulsory for companies to inform consumers if their data has been hacked or compromised in any way.

The new Regulation will establish a single set of rules that will make it easier to set up digital businesses in the EU and will pave the way for a single authority on data protection.

The new rules will also see firms establish permanent roles for data protection officers, however, SMEs will be exempt from this if data processing is not their core business activity.

“Today’s agreement is a major step towards a Digital Single Market. It will remove barriers and unlock opportunities,” said Andrus Ansip, Vice-President for the Digital Single Market.

“The digital future of Europe can only be built on trust. With solid common standards for data protection, people can be sure they are in control of their personal information. And they can enjoy all the services and opportunities of a Digital Single Market. We should not see privacy and data protection as holding back economic activities. They are, in fact, an essential competitive advantage.

“Today’s agreement builds a strong basis to help Europe develop innovative digital services. Our next step is now to remove unjustified barriers that limit cross-border data flow, local practice and sometimes national law, limiting storage and processing of certain data outside national territory. So let us move ahead and build an open and thriving data economy in the EU – based on the highest data protection standards and without unjustified barriers,” Ansip said.

EU flags image via Shutterstock

Updated 10.35am, 16 December 2015: This article was updated to reflect the fact that children under 13, not children under 16, will require parental consent before their data can be processed online under the new Regulation. The original information was taken from an earlier draft version of the Regulation. Siliconrepublic.com apologises for this error.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com