News
BackThis week, members of the European Parliament voted with an overwhelming majority in favour of negotiations with the Council of Ministers on the new EU data protection regulations. The new regulations shall provide people with more control of their personal data. It will also be ensured that the same rules apply in all EU Member States. Now the Council of Ministers has to react to the bill of the EU Parliament. However, the Council is taking its time as there are still Member States, which are opposed to the new rules, thereby blocking an early agreement.
EU Parliament puts pressure on - Council of Ministers must show its true colours
The current data protection rules originate from 1995. Hence, it was high time for these rules to undergo a complete overhaul in order to keep up with the progress made since then in respect of information technologies, globalisation and the increased usage of personal data for the purpose of criminal prosecution. More than two years have already passed since the EU Commission presented the new proposal. During this time, the EU Parliament has tried in countless sessions to find a position. Now light has been shed on the ideas of Parliament. For example, agreement has been reached that companies breaking any data protection rules might face fines of up to 100 million euros or up to 5 % of their global annual turnover, depending which of the amounts is larger. The European Commission had proposed fines of up to 1 million euros or 2 % of their global annual turnover. The new rules shall also improve data protection on the internet. They include the right to have personal data deleted, new limits of profiling (attempts to analyse and predict respectively a person’s performance at work, his or her economic situation, location, etc.) as well as the demand to use clear and simple language in declarations on data protection or privacy policy. Every internet service provider wanting to process personal data must first obtain the freely and expressly given approval of the person in question. In order to improve EU citizens’ protection against surveillance measures, as those disclosed in June 2013, MEPs have amended the rules so that every company (e.g. a search engine, a social network or a cloud storage provider) is obliged to obtain prior authorisation of a national data protection authority to transfer personal data of a EU citizen to a third country. The company also has to inform the person in question of the application. The decision, which has been taken, increases pressure on the Council to at last nail its colours to the mast so that an agreement can soon be reached.
Improving data protection is of particular concern to the Chamber of Labour
In view of the increasing threat to data protection interests of consumers but also to employees, improving data protection in Europe is of particular concern to the Chamber of Labour. Hence, it has been actively involved, for example by bringing forward its requests in respect of the legislative procedure in the European Parliament. The AK has not only always been critical of the attempt by some (external) European lobby groups to use the reform discussion for the purpose of watering down the current level of protection, but it has also always vehemently opposed any attempts to reduce the future level of protection compared to the current Directive. Another important issue from the point of view of the AK was that persons in case of alleged privacy breaches by a globally active enterprise are able to take their complaint to the data protection authority of their country of residence. The vote in the EU Parliament has now ensured that this will be possible.
Next steps
The European Parliament has now voted at first reading on the legislative proposal in order to consolidate the work undertaken so far and to submit it to the new EU Parliament. This vote ensures that the MEPs newly elected in May can decide not to go back to square one but to build on the work of the current legislative period and to enter negotiations with the Council of Ministers.
Further information:
AK Position paper on the draft report on the proposal for a regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data
Overview of the ordinary legislative procedure in respect of data protection regulations
The current data protection rules originate from 1995. Hence, it was high time for these rules to undergo a complete overhaul in order to keep up with the progress made since then in respect of information technologies, globalisation and the increased usage of personal data for the purpose of criminal prosecution. More than two years have already passed since the EU Commission presented the new proposal. During this time, the EU Parliament has tried in countless sessions to find a position. Now light has been shed on the ideas of Parliament. For example, agreement has been reached that companies breaking any data protection rules might face fines of up to 100 million euros or up to 5 % of their global annual turnover, depending which of the amounts is larger. The European Commission had proposed fines of up to 1 million euros or 2 % of their global annual turnover. The new rules shall also improve data protection on the internet. They include the right to have personal data deleted, new limits of profiling (attempts to analyse and predict respectively a person’s performance at work, his or her economic situation, location, etc.) as well as the demand to use clear and simple language in declarations on data protection or privacy policy. Every internet service provider wanting to process personal data must first obtain the freely and expressly given approval of the person in question. In order to improve EU citizens’ protection against surveillance measures, as those disclosed in June 2013, MEPs have amended the rules so that every company (e.g. a search engine, a social network or a cloud storage provider) is obliged to obtain prior authorisation of a national data protection authority to transfer personal data of a EU citizen to a third country. The company also has to inform the person in question of the application. The decision, which has been taken, increases pressure on the Council to at last nail its colours to the mast so that an agreement can soon be reached.
Improving data protection is of particular concern to the Chamber of Labour
In view of the increasing threat to data protection interests of consumers but also to employees, improving data protection in Europe is of particular concern to the Chamber of Labour. Hence, it has been actively involved, for example by bringing forward its requests in respect of the legislative procedure in the European Parliament. The AK has not only always been critical of the attempt by some (external) European lobby groups to use the reform discussion for the purpose of watering down the current level of protection, but it has also always vehemently opposed any attempts to reduce the future level of protection compared to the current Directive. Another important issue from the point of view of the AK was that persons in case of alleged privacy breaches by a globally active enterprise are able to take their complaint to the data protection authority of their country of residence. The vote in the EU Parliament has now ensured that this will be possible.
Next steps
The European Parliament has now voted at first reading on the legislative proposal in order to consolidate the work undertaken so far and to submit it to the new EU Parliament. This vote ensures that the MEPs newly elected in May can decide not to go back to square one but to build on the work of the current legislative period and to enter negotiations with the Council of Ministers.
Further information:
AK Position paper on the draft report on the proposal for a regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data
Overview of the ordinary legislative procedure in respect of data protection regulations