Post on 11-Oct-2020
European CommissionJustice Date | 1
A comprehensive approach on personal data protection in the European Union
A comprehensive approach on personal data protection in the
European Union
European CommissionJustice Date | 2
A comprehensive approach on personal data protection in the European Union
Main legal instruments on EU level
• Data Protection Directive 95/46/EC
• Directive 2002/58/EC on privacy and electronic communications
• Regulation 45/2001 (Union institutions and bodies)
• Council Framework Decision 2008/977/JHA on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters
European CommissionJustice Date | 3
A comprehensive approach on personal data protection in the European Union
New challenges for the protection of personal data
Globalisation
InternetOn-line social networking
e-commerceon-line access to databases
on-line storage servicesModern information technologies
Electronic health recordsCloud computing
Radio frequency identification (RFID)Automatic face recognition
NanotechnologyUbiquous computing
Geo-locationVideo surveillance
ProfilingScoring
Behavioural advertising Biometric data, DNA
Access by law enforcement authorities Role of independent DPAs
Challenge through technological developments and globalisation
European CommissionJustice Date | 4
A comprehensive approach on personal data protection in the European Union
Changes by the Lisbon Treaty
Article 8 of the EU Charter of Fundamental Rights• defines the basic principles for the protection of personal data• Legally binding
Article 16 TFEU• new legal base • ordinary legislative procedure (EP, Council) • to adopt rules for the processing of personal data by
Union institutions, bodies, offices and agencies, and Member States when carrying out activities which fall within the scope of Union law, and
rules relating to the free movement of such data. includes ex-third pillar
Article 39 TEU• new legal base • Common Foreign and Security Policy (CFSP) issues • For processing by Member States only
European CommissionJustice Date | 5
A comprehensive approach on personal data protection in the European Union
Main policy objectives
• Address the impact of new technologies and modernise the current framework
• Improve the clarity and coherence of the EU legal framework for personal data protection so to ensure a high level of protection throughout all Union policies
• Provide a stronger institutional arrangement for the effective enforcement of data protection rules
European CommissionJustice Date | 6
A comprehensive approach on personal data protection in the European Union
Public consultations
• Reform webpage http://ec.europa.eu/justice/policies/privacy/review/index_en.htm
• Data Protection Conference 2009 http://ec.europa.eu/justice/news/events/events_en.htm#event_2009_05_19_20
• Public Consultation on the legal framework for the fundamental right to protection of personal data July - December 2009: ca. 150 replieshttp://ec.europa.eu/justice/news/consulting_public/news_consulting_0003_en.htm
• Stakeholder Consultation Meetings on the Review of the Data Protection Regulatory Framework June, July 2010http://ec.europa.eu/justice/news/events/events_en.htm#event_2010_07_01
• Public Consultation on the proposals included in the Commission's CommunicationNovember 2010- January 2011: ca. 300 replieshttp://ec.europa.eu/justice/news/consulting_public/news_consulting_0006_en.htm
European CommissionJustice Date | 7
A comprehensive approach on personal data protection in the European Union
4. Communication of the Commission COM(2010) 609
‘A comprehensive approach on personal data protection in the
European Union’
European CommissionJustice Date | 8
A comprehensive approach on personal data protection in the European Union
Communication of the Commission COM(2010) 609
Main elements for a reform
1. Strengthening individuals‘ rights
2. Enhancing the internal market dimension
3. Revising the rules on police and judicial cooperation in criminal matters
4. The global dimension of data protection
5. Better enforcement of data protection rules
European CommissionJustice Date | 9
A comprehensive approach on personal data protection in the European Union
Strengthening the individuals‘ rights
1. Ensuring appropriate protection for individuals in all circumstances
2. Increasing transparency for data subjects3. Enhancing control over one's own data4. Raising awareness5. Ensuring informed and free consent6. Protecting sensitive data7. Making remedies and sanctions more
effective
European CommissionJustice Date | 10
A comprehensive approach on personal data protection in the European Union
Enhancing the internal market dimension
1. Increasing legal certainty and providing a level playing field for data controllers
2. Reducing the administrative burden
3. Clarifying the rules on applicable law and Member States' responsibility
4. Enhancing data controllers' responsibility
5. Encouraging self-regulatory initiatives and exploring EU certification schemes
European CommissionJustice Date | 11
A comprehensive approach on personal data protection in the European Union
Revising the data protection rules in the area of police and judicial cooperation in criminal matters
First step:
Application of the general data protection rules to police and judicial cooperation in criminal matters, including for processing at domestic level
Specific and harmonised provisions in data protection framework where necessary e.g. processing of genetic data
European CommissionJustice Date | 12
A comprehensive approach on personal data protection in the European Union
Revising the data protection rules in the area of police and judicial cooperation in criminal matters
Second step:
Revising current supervision systems in police and judicial cooperation in criminal matters• consultation of all concerned stakeholders
Aligning existing sector-specific rules with the new general legal data protection framework
European CommissionJustice Date | 13
A comprehensive approach on personal data protection in the European Union
The global dimension of data protection
1. Clarifying and simplifying the rules for international data transfers, including the “adequacy procedure” in the new general legal data protection framework
3. Promoting universal principles
European CommissionJustice Date | 14
A comprehensive approach on personal data protection in the European Union
A stronger institutional arrangement for better enforcement of data protection rules
1. Strengthen, clarify and harmonise status and the powers of DPAs
3. Improve cooperation and coordination between Data Protection Authorities
1. Strengthen data protection supervisors, better coordination with Article 29 Working Party
European CommissionJustice Date | 15
A comprehensive approach on personal data protection in the European Union
5. The way forward
Evaluation and impact assessment Legislative proposals in early 2012 Proper monitoring of correct implemen-
tation of EU law – infringement policy Second step: adaptation of other legal
instruments to new general data protection framework
European CommissionJustice Date | 16
A comprehensive approach on personal data protection in the European Union
Thank you for your attention!
European Commission, DG JUSTICE Unit C3 “Data protection”