“The protection of personal data is a fundamental right,” said Vice-President Viviane Reding, EU Commissioner for Justice, Fundamental Rights and Citizenship. “To guarantee this right, we need clear and consistent data protection rules. We also need to bring our laws up to date with the challenges raised by new technologies and globalisation. The Commission will put forward legislation next year to strengthen individuals’ rights while also removing red tape to ensure the free flow of data within the EU’s Single Market.”
Today’s strategy sets out proposals on how to modernise the EU framework for data protection rules through a series of key goals:
* Strengthening individuals’ rights so that the collection and use of personal data is limited to the minimum necessary. Individuals should also be clearly informed in a transparent way on how, why, by whom, and for how long their data is collected and used. People should be able to give their informed consent to the processing of their personal data, for example when surfing online, and should have the “right to be forgotten” when their data is no longer needed or they want their data to be deleted.
* Enhancing the Single Market dimension by reducing the administrative burden on companies and ensuring a true level-playing field. Current differences in implementing EU data protection rules and a lack of clarity about which country’s rules apply harm the free flow of personal data within the EU and raise costs.
* Revising data protection rules in the area of police and criminal justice so that individuals’ personal data is also protected in these areas. Under the Lisbon Treaty, the EU now has the possibility to lay down comprehensive and coherent rules on data protection for all sectors, including police and criminal justice. Naturally, the specificities and needs of these sectors will be taken into account. Under the review, data retained for law enforcement purposes should also be covered by the new legislative framework. The Commission is also reviewing the 2006 Data Retention Directive, under which companies are required to store communication traffic data for a period of between six months and two years.
* Ensuring high levels of protection for data transferred outside the EU by improving and streamlining procedures for international data transfers. The EU should strive for the same levels of protection in cooperation with third countries and promote high standards for data protection at a global level.
* More effective enforcement of the rules, by strengthening and further harmonising the role and powers of Data Protection Authorities. Improved cooperation and coordination is also strongly needed to ensure a more consistent application of data protection rules across the Single Market.
To obtain views on the Commission’s ideas – as highlighted in the
Communication attached to this consultation – on how to address the new
challenges for personal data protection (e.g., fast developing
technologies, globalisation) in order to ensure an effective and
comprehensive protection to individual’s personal data within the EU.