On 19 March the European Commission welcomed the adoption of an opinion by the European Parliament's Legal Affairs Committee on the Commission's proposal for a Data Protection Regulation reforming the EU's data protection rules. The Opinion on the proposed Data Protection Regulation keeps up the momentum that is building towards the rapid adoption of new EU data protection rules. The key elements of the Commission's data protection reform are as follows:
- the need to replace the current 1995 Data Protection Directive with a directly applicable regulation that covers the processing of personal data. A single set of rules on data protection, valid across the EU will remove the unnecessary administrative requirements for companies and can save businesses around €2.3 billion a year.
- the need to maintain a broad definition of "personal data".
- the need to give "explicit consent" as one of the legitimate grounds for processing data. The current directive states that consent has to be unambiguous. The Commission proposals foresee that if and when consent is used a ground for processing, then it has to be real and valid consent. It cannot be presumed that when a person remains silent or does not act, this means consent.
- the need to have a "one stop shop" for companies that operate in several EU countries. The proposal cuts red tape by introducing a one stop shop for businesses to deal with regulators.
- the scope of the data protection law enforcement directive. A new directive will apply to general data protection principles and rules to police and judicial authorities in criminal matters. These rules will apply to both domestic processing and cross border transfers of data and enhance trust between law enforcement authorities.