top of page
This site was designed with the
.com
website builder. Create your website today.Start Now

Towards a new EU regulation on data protection

Tomorrow, on June 24, 2015, the European Commission, the European Parliament and the Council of the EU will be starting the negotiations aiming the adoption of a new EU regulation on data protection by the end of 2015.

These negotiations referred to as "Trilogue" are organised following the important step which was reached mid-June for the EU data protection reform.

Indeed, the EU Council composed of the Ministers of Justice reached an agreement on the main framework of the future rules on data protection.

This framework, that will be a starting point for the negotiations to come, includes especially an agreement on the following points:

  • the regulation will establish a harmonized set of rules on data protection which will apply to the 28 members of the EU;

  • national data protection authorities (such as the “Commission Nationale de l’Informatique et des Libertés” in France) will be empowered to fine companies that do not respect EU rules on data protection. They will be entitled to order fines up to €1 million or up to 2% of the global annual turnover of the company;

  • the regulation proposal plans to establish a “one-stop shop” system for companies and individuals in order for them to only have to deal with one single data protection authority, which will be their home country national data protection authority, even if they deal with data outside of their home country;

  • the regulation will put an end to some red tape regarding administrative requirements such as notification obligations for companies;

  • companies established outside of the EU will have to abide by the EU regulations in order to be allowed to offer their services in the EU;

  • a “right to data portability” should facilitate for individuals the transfer of their personal data from one service provider to another;

  • the "right to be forgotten" will be reinforced : individuals will be entitled to ask for the deletion of their personal data if no legitimate ground justifies their retention. Therefore, a data controller will be required to delete personal data, unless it is able to prove that the data is necessary or relevant. This point reinforces the right to be forgotten which resulted from the European Court of Justice decision of May 13, 2014 (Case C-131/12). This decision provided for an obligation for the search engine to delete inadequate or irrelevant personal data from its search results, but not to delete the content in itself. With the new regulation, individuals could therefore not only obtain the deletion of the search results, but also of the data itself.

The negotiations between the representatives of the European Parliament, Council of the EU and European Commission promise to be challenging especially regarding the application of the one-stop shop system and the amounts of the fines that the data protection authorities will be entitled to order.


Featured Posts
Recent Posts
Archive
Search By Tags
No tags yet.
Follow Us
  • Facebook Basic Square
  • Twitter Basic Square
bottom of page