A year ago, on 25 January 2012, the European Commission released draft amendments to the European data protection framework. The proposed Directive aims at increasing harmonisation and applying general principles of personal data protection, while continuing to respect specificities in the field.
In today’s economy, the focus on data protection is of increasing importance, and although this reform is not yet finalised, we can expect a substantial impact on corporate organisations as well as on data processors. This article provides an overview of the main points to be affected by the proposed amendments.
Reasons for Reform
The main objectives pursued by the European Commission with this reform are as follows:
- A modernisation of the European system regarding the protection of personal data;
- The reinforcement of the rights of individuals;
- The reduction of paperwork, in order to allow for free circulation of data within the European Union;
- The improvement in clarity and consistency of the European rules for data protection, aimed at allowing consistent and efficient application of the fundamental right to protection of personal data in the European Union.
The 95/46/CE directive would be replaced by a regulation and, as such, would need no transposition by the Member States, thus increasing coherence within the whole European Union. The current 2008/977/CAJ Framework Decision would be replaced by a directive.
Challenging growth and competitiveness
The proposed directive relates to the treatment of personal data by investigative authorities, and to the free circulation of such data. One of the key features brought forth by the aforementioned directive and regulation is that limitations to the general principles will be subject to minimum harmonised conditions and criteria. Furthermore, a differentiation will be introduced among the various categories of people concerned by the treatment of data (such as witnesses or suspects) who can have different rights.
The reform may also be seen as a step further for the digital economy. By increasing personal data protection, it obviously reinforces the trust of consumers in e-commerce, which is essential in encouraging people to use new products and services.
A European data breach notification requirement for the electronic communication sector is introduced as an obligation to notify personal data breaches to the supervisory authority.
The proposals would also simplify transfers of data, notably with the recognition of the Binding Corporate Rules.
In a nutshell, the aim of the EU’s data protection reform is to modernise, simplify, and strengthen the data protection framework. It will oblige corporate entities to be more accountable for their data processing, and large companies will need to appoint data protection officers in order to evolve with the times.