210 likes | 390 Views
A European Data Protection Framework for the 21st century. Paul NEMITZ Director DG JUSTICE – Fundamental Rights and Union Citizenship. Why a new European framework for Data Protection?. The impact of technology and globalisation A fragmented legal framework at EU level
E N D
A European Data Protection Framework for the 21st century Paul NEMITZ Director DG JUSTICE – Fundamental Rights and Union Citizenship
Why a new European framework for Data Protection? • The impact of technology and globalisation • A fragmented legal framework at EU level • Institutional changes: The Lisbon Treaty
What does COM aim to achieve?The objectives of the reform • Strengthening individuals’ rights, particularly online • Create a clear, consistent and uniformly • applied EU data protection framework • Facilitate international data flows while ensuring adequate protection
The Challenge of Technology • 92% of Europeans are concerned about mobile apps collecting their data without their consent. • 89% of people say they want to know when the data on their smartphone is being shared with a third party. They want the option to give or refuse permission. • 3 in 4 citizens do not feel in control of their data • Can our economy continue to grow without the trust of citizens?
How will these objectives be achieved? The Data Protection Regulation (I) • Replaces Data Protection Directive 95/46/EC • Sets out the general Data Protection framework in the EU • But maintains the same objectives: - Protecting the fundamental right to Data Protection AND - Ensuring the free flow of personal data between Member States
The Data Protection Regulation (II) PUTTING INDIVIDUALS IN CONTROL OF THEIR DATA • Better information about data processing • Consent to be given explicitly, whenever required • Easier rights of access and ‘data portability’ • ‘Right to be forgotten’ • Data breach notifications (DPAs and individuals)
The Data Protection Regulation (III) RULES FIT FOR THE DIGITAL SINGLE MARKET • One single law, directly applicable • Cutting red tape (e.g. abolishing general notifications) • ‘One-stop shop’ system for data protection in the EU: one single DPA to deal with a company
Economic Benefits • One single law– saves businesses EUR 2,3 billion per year through harmonisation and simplification of the regulatory environment • Cutting red tape – saves businesses EUR 130 million per year • ‘One-stop shop’ system reduces legal uncertainty about supervision and enforcement (difficult to quantify enhanced confidence and certainty) • Enhanced trust in individuals creates opportunity for business in the internal market (see next slide on opportunity cost of lack of trust) => SIMPLER AND MORE FLEXIBLE RULES BOOSTING CONFIDENCE, GROWTH, INNOVATION
Data Protection Regulation – SME Concerns RULES TARGETED TO SMEs TO AVOID UNDUE BURDENS • General benefits: simplification of the regulatory environment – harmonisation and ”one-stop-shop” • No undue administrative burden on SMEs • “Think small first principle” organically a part of proposed Regulation (Recital 11) • Targeted provisions: • Large majority of SMEs exempted from Data Protection Officer obligation, unless engaged in risky processing • Narrowly targeted criteria for Data Protection Impact Assessments, unless engaged in risky processing • SMEs exempted from documentation obligations
The Data Protection Regulation (IV) IMPROVEMENT IN DATA PROTECTION GOVERNANCE • Independent and stronger national DPAs • Swifter and more efficient cooperation between DPAs • A new ‘European Data Protection Board’ • EU level ‘consistency mechanism’
The Data Protection Regulation (V) INTERNATIONAL TRANSFERS • Clearer rules on the application of EU law for controllers established outside • Clearer criteria on adequacy and central role of the Commission • More flexible instruments for global data flows (e.g. “Binding Corporate Rules”)
The Directive in the field of crim. justice and police cooperation (I) WHY A SEPARATE DIRECTIVE? • Replaces the Framework Decision ("minimum harmonisation" and limited powers of ECJ to enforce the rules) • Keeps the necessary flexibility to take account of the specific nature and needs of this area
The Directive in the field of crim. justice and police cooperation (II) • Extension to “domestic” (national) processing • Same general principles (lawfulness, necessity, proportionality etc.) • Harmonised limitations/derogations (e.g. access to data, right to information)
State of play at the end of 2012 • Council – slow but steady progress under DK and CY PRES. Article-by-article reading and horizontal themes (administrative burden, delegated/implementing acts, public sector flexibility). • EP – faster pace: LIBE Rapporteur Albrecht presented draft report 9 January 2013. Four other EP Committees involved : IMCO, JURI, ITRE, EMPL.
The way forward in 2013 • Council – reinvigorated pace of discussions under IE PRES. Continuation of first reading and horizontal discussion on administrative sanctions, right to be forgottten, 'household exemption') • EP - The EP rapporteurs have prepared their draft reports which will now be discussed in the relevant parliamentary committees. An EP plenary vote is expected around April. • Commission –continue to work closely and support EP and Council in their endeavour to achieve a political agreement on the data protection reform by the end of the Irish Presidency.
Your contribution to the endeavour • COM needs "all hands on deck" to maintain a constructive debate. • Monitoring and reporting on national debates • Participation in online debates (especially through social media channels) • Advocacy and dissemination of arguments in favour of the reform • Myth-busting – crucial at a time of intense anti-EU populism in many Member States.
Thank you for your attentionhttp://ec.europa.eu/justice/data-protection/index_en.htm