MEPs vote in favour new rules to protect EU citizens’ personal data

12 Mar 2014

MEPs voted today to approve a major overhaul of the EU’s outmoded 19-year-old data-protection laws. In particular, the new rules provide stronger safeguards for citizens’ personal data that leaves the EU and includes fines of up to €100m.

The EU’s 19-year-old EU data protection laws urgently need updating to keep pace with the progress of ICT, globalisation and the growing use of personal data for law enforcement purposes.

To better protect EU citizens against surveillance activities like those unveiled since June 2013, MEPs amended the rules to require any firm (e.g. a search engine, social network or cloud storage service provider) to seek the prior authorisation of a national data protection authority in the EU before disclosing any EU citizen’s personal data to a third country.

The firm would also have to inform the person concerned of the request.

Firms that break the rules should face fines of up to €100 million, or up to 5pc of their annual worldwide turnover, whichever is greater, say MEPs. The European Commission had proposed penalties of up to €1 million or 2pc of worldwide annual turnover.

The right to privacy

The new rules should also better protect data on the internet, especially in the fallout following the revelations by Edward Snowden about surveillance of non-EU citizens by the US NSA and the UK’s GCHQ.

They include a right to have personal data erased, new limits to “profiling” (attempts to analyse or predict a person’s performance at work, economic situation, location, etc.), a requirement to use clear and plain language to explain privacy policies. Any internet service provider wishing to process personal data would first have to obtain the freely given, well-informed and explicit consent of the person concerned.

“I have a clear message to the Council: any further postponement would be irresponsible,” explained rapporteur for the general data protection regulation, Jan Philipp Albrecht.

“The citizens of Europe expect us to deliver a strong EU wide data protection regulation. If there are some member states which do not want to deliver after two years of negotiations, the majority should go ahead without them.”

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years