Today, the European Parliament voted through the new EU Data Protection reform package (621 in favour of the new Regulation and 10 against with 22 abstentions). It's a clear endorsement of the proposals. The EU press release says this reform is "a necessity" and is now "irreversible".
Viviane Reding (the EU Justice Commissioner) said that strong data protection is Europe's trade mark. She also referred to the US data spying scandals as indicating that data protection is more than ever a competitive advantage.
Specifics
- MEPs increased the fines to be imposed on firms that break the rules to up to Euro 100 million or 5% of annual worldwide turnover (increased from Euros 1 million / 2% of annual worldwide turnover)
- Data exports to be only permitted with prior authorisation
- Rights to have data erased, limits on profiling and plain language privacy policies will be the norm
- The Principle of Accountability underpins the whole proposal: so the focus on governance, policies, procedures, audits and appointing a Chief Privacy Officer / Data Protection Officer is key
Next steps
The European Parliament will not change its position even if the composition of the Parliament changes after the EU elections in May. The Parliament will now negotiate with the Council (representing the 28 EU member state governments). So far the Council has said it broadly supports the proposals but the detail is yet to be confirmed and, we we blogged last week, they recognise that there is still work to be done.
Thoughts?
The fact that the Council has yet to define its position means that this is not yet final. Expect more negotiations on this when the Justice Ministers meet in June.
Viviane Reding says this is about strengthening protection for citizens and making life easier for business. Many will take issue with the second part of that statement.
Interesting, there was less Parliamentary support for the new Data Protection Directive regulating privacy issues in relation to law enforcement bodies (this sits separately from the proposed general Regulation). However, this was also voted through even if less decisively (371 in favour, 276 against with 30 abstentions).
For more information, visit our Privacy and Data Security blog at www.datagovernancelaw.com
About Dentons
Dentons is a global firm driven to provide you with the competitive edge in an increasingly complex and interconnected marketplace. We were formed by the March 2013 combination of international law firm Salans LLP, Canadian law firm Fraser Milner Casgrain LLP (FMC) and international law firm SNR Denton.
Dentons is built on the solid foundations of three highly regarded law firms. Each built its outstanding reputation and valued clientele by responding to the local, regional and national needs of a broad spectrum of clients of all sizes – individuals; entrepreneurs; small businesses and start-ups; local, regional and national governments and government agencies; and mid-sized and larger private and public corporations, including international and global entities.
Now clients benefit from more than 2,500 lawyers and professionals in 79 locations in 52 countries across Africa, Asia Pacific, Canada, Central Asia, Europe, the Middle East, Russia and the CIS, the UK and the US who are committed to challenging the status quo to offer creative, actionable business and legal solutions.
Learn more at www.dentons.com
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances. Specific Questions relating to this article should be addressed directly to the author.
