|EU Data Protection Regulation to be finalised by end of 2015
Ministers in the Council reached a General Approach on the new data protection rules, confirming the comprehensive reform of data protection rules of January 2012 to increase users' control of their data and to cut costs for businesses.
Completing the Digital Single Market is one of the top priorities of the European Commission. The internet and digital technologies are transforming our world. But if citizens do not trust online services, they will not benefit from all the opportunities presented by technology. Confidence is paramount, but it is still far from a reality.
Data protection reform will address this lack of trust. It will strengthen citizen’s rights such as the right to be forgotten, the right to data portability and the right to be informed of personal data breaches. The reform gives national regulators enforcement powers to ensure that these new rules are properly applied.
The new rules will put citizens back in control of their data, notably through:
- A right to be forgotten: When you no longer want your data to be processed, and provided that there are no legitimate grounds for retaining it, the data will be deleted.
- Easier access to your own data: Individuals will have more information on how their data is processed and this information should be available in a clear and understandable way. Moreover, a right to data portability will make it easier for you to transfer your personal data between service providers.
- The right to know when your data has been hacked: Companies and organisations must notify the national supervisory authority of serious data breaches as soon as possible (if feasible within 24 hours) so that users can take appropriate measures.
- Data protection first, not an afterthought: ‘Data protection by design’ and ‘Data protection by default’ will also become essential principles in EU data protection rules – this means that data protection safeguards should be built into products and services from the earliest stage of development, and that privacy-friendly default settings should be the norm – for example on social networks or mobile apps.
The European Commission's data protection reform will help the digital single market realise this potential, notably through four main innovations:
- One continent, one law: The Regulation will establish a single, pan-European law for data protection, replacing the current inconsistent patchwork of national laws. Companies will deal with one law, not 28.
- One-stop-shop: The Regulation will establish a 'one-stop-shop' for businesses: companies will only have to deal with one single supervisory authority, not 28, making it simpler and cheaper for companies to do business in the EU; and easier, swifter and more efficient for citizens to get their personal data protected.
- The same rules for all companies – regardless of where they are established: Today European companies have to adhere to stricter standards than companies established outside the EU but also doing business on the Single European Market. With the reform, companies based outside of Europe will have to apply the same rules. We are creating a level-playing field. Moreover rules for international transfers of data are streamlined, through simplified approval of binding corporate rules. This will foster international trade while ensuring continuity of protection for personal data.
- European regulators will be equipped with strong enforcement powers: Data protection authorities will be able to fine companies who do not comply with EU rules up to 2% of their global annual turnover.
The three-way negotiation process between the commission, parliament and council – known as the trilogue – is set to begin on 24 June and is expected to last six months. Their shared ambition is to reach a final agreement by the end of 2015.
For more information, contact Patrick SOENEN.
About Callens, Pirenne, Theunissen & C°
Callens, Pirenne, Theunissen & C° is a professional services firm established in 1936 maintaining prominent place among the top 10 firms in Belgium. Our philosophy is client driven and industry focused, with our team of experts in various disciplines dedicated to providing impeccable service.
About Crowe Horwath
Crowe Horwath LLP (Crowe Horwath) is one of the largest public accounting, consulting, and technology firms in the United States. Under its core purpose of “Building Value with Values®,” Crowe uses its deep industry expertise to provide audit services to public and private entities while also helping clients reach their goals with tax, advisory, risk and performance services. With offices coast to coast and 3,000 personnel, Crowe is recognized by many organizations as one of the country's best places to work. Crowe serves clients worldwide as an independent member of Crowe Horwath International, one of the largest global accounting networks in the world. The network consists of more than 200 independent accounting and advisory services firms in more than 120 countries around the world.