The European Commission recently issued a communication document outlining its approach on personal data protection in the European Union. The Commission aims to modernise the EU legal system for data protection in an effort to deal with the challenges resulting from globalisation and new technologies. In particular, the Commission noted the difficulties presented by the use of social networking sites, cloud computing and technologies which enable automatic data collection such as geo-location devices
The communication document outlines, at a high level, five main objectives of the Commission:
Strengthening individuals’ rights – the approach of the Commission focuses on ensuring transparent processing of personal data and taking into account the new technologies and the impact on individuals’ rights. The Commission uses the example of online behavioural advertising as a situation where it is difficult for an individual to know and understand if personal data is being collected, by whom, and for what purpose. The Commission will also look into the possibility of extending mandatory breach notifications;
Enhancing the internal market dimension – the Commission will examine means to achieve further harmonisation of data protection rules at EU level and reduce the administrative burden on data controllers of the current notification process;
Revising data protection rules in the area of police and judicial cooperation in criminal matters – the Commission stresses that the notion of a comprehensive data protection scheme does not exclude specific rules for data protection for the police and judicial sector. The Commission will examine the extension of the data protection rules to this sector and the need to introduce specific and harmonised provisions, for example, on data protection regarding the processing of genetic data for criminal law purposes;
The global dimension of data protection – the Commission intends to improve and streamline current processes for the transfer of data outside the EEA and to clarify the Commission’s criteria for assessing the adequacy of the protection provided in a third country;
Better enforcement of data protection rules – the Commission believes that the role of the Data Protection Authorities should be strengthened by providing them with the necessary powers and resources to properly exercise their tasks both at national level and when co-operating with each other.
A public consultation on the Commission’s proposals is open to stakeholders until 15 January 2010. It is not clear at this stage which of the proposals outlined above will be legislated on by the Commission however the Commission has stated that it intends to propose legislation in 2011 aimed at revising the legal framework for data protection. A copy of the Commission’s communication document is available here