After 4 years, EU Parliament passes new data protection rules

14 Apr 2016

It’s been almost four years since proceedings began to agree new data protection rules within the EU, but the European Parliament has now passed new rules to help develop the digital single market.

Given that the EU’s current data protection rules have been in place since 1995, when the internet was still in its mainstream infancy, the new rules just passed by the EU Parliament were much needed.

According to the announcement made by the European Parliament, these new data protection rules will replace the older data protection legislation that has for years now been considered unfit for purpose.

These new rules are now expected to give citizens of the EU greater control over their own private information in a world of smartphones, social media, internet banking and global transfers.

A number of the new rules set out under the provision give the EU the power to enforce stricter penalties on major corporations and organisations that fail to protect a citizen’s data.

72 hours to report a data breach

The right to be forgotten ruling is being extended to cover all aspects of a person’s online life, so, for example, an individual could ask Facebook to delete their profile entirely.

Companies that are found to have breached the data protection rules could face fines of up to €20m or 4pc of their global annual turnover – whichever is greater.

Large companies that handle a lot of sensitive information will also be required to hire a data protection officer and, should a data breach occur, they must report it within 72 hours.

The new rules will also establish a single authority within the EU to deal with data protection complaints with the hope of making the whole process a lot faster.

The General Data Protection Regulation (GDPR) will come into effect this summer, after its publication in the EU Official Journal, with its provisions to become law in the 28 member states of the EU two years after that.

Member states will then have two years to enact the provisions into law.

‘We’ve cleared the final hurdle’

One of the leading figures of enacting GDPR, MEP Jan Philipp Albrecht, said of the passing of the vote: “This regulation is a huge step forward for the European Union, for fundamental rights in the EU, and it shows that we can deliver a legal framework for the digital age, and that we can deliver for democratic decisions still in the EU, which has huge value for citizens and consumers.”

Also commenting on the announcement was Ireland’s Minister for European Affairs and Data Protection, Dara Murphy, who said he was pleased with the outcome, particularly from an Irish perspective.

“Ireland has been to the forefront in negotiations on new EU-wide data protection rules, and with today’s approval by the European Parliament, we’ve cleared the final hurdle,” he said.

“We now have certainty about a modern, robust and uniform data protection regime that will apply throughout the European Union from 2018, which is very significant.”

European Parliament image via endermasali/Shutterstock

Colm Gorey was a senior journalist with Silicon Republic