The EU Council has reached agreement on some of the new data protection rules, following much of the 2012 EC proposal to update and modernise the 1995 Data Protection Directive.

The EU Council agreed on the major elements of the 2012 proposal including:

  • the basic principles of data protection;
  • the rights and obligations of Controllers and Processors;
  • the territorial scope and the transfer of personal data to third countries; and
  • the role and co-operation of the supervisory authorities.

The form of the new legislation will be a Regulation, the Regulation will be applicable to non-EU companies if they offer services to EU consumers; EU companies will in the future deal with a single national Data Protection Authority; and there will be new rights to be forgotten and to data portability.

In order for this to become law, the text will need to be adopted jointly by the European Parliament and Council of Ministers. Negotiations between the EU Council, the EU Parliament and the EU Commission will commence on June 24th.

Please click here for further information from the EU Council.