BETA


1990/0287(COD) Personal data protection

Progress: Procedure completed

RoleCommitteeRapporteurShadows
Lead JURI MEDINA ORTEGA Manuel (icon: PES PES)
Committee Opinion ECON HERMAN Fernand H.J. (icon: PPE PPE)
Lead committee dossier:
Legal Basis:
EC before Amsterdam E 100A, EC before Amsterdam E 113

Events

2019/10/24
   EC - Follow-up document
Details

This Commission staff working document accompanies the report from the Commission on the third annual review of the functioning of the EU-U.S. Privacy Shield.

It presents the findings of the Commission services on the implementation and enforcement of the EU-U.S. Privacy Shield framework in its third year of operation.

Commercial aspects

The Commission assessed the concrete functioning of the administration, oversight and enforcement of the Privacy Shield process. The third annual review focused notably on the recertification process, compliance monitoring and enforcement.

The (re)-certification process

At the time of the review meetings, just over 5000 companies were certified under the Privacy Shield. After three years of operation, the Privacy Shield has therefore more participating companies than its predecessor, the Safe Harbor arrangement. The majority (more than 70%) of Privacy Shield certified-companies are Small and Medium-sized entreprises (SMEs). The success of the Privacy Shield is also reflected in the current re-certification rate of 89%.

The Commission services welcome that the Department of Commerce (DoC) continously reviews the (re-)certification process and amends it to address issues as they arise.

Monitoring and supervision by the Department of Commerce

The Commission services welcome that the DoC is carrying out proactive compliance spot-checks on a regular basis and in a systematic manner, which is important for improving the overall compliance with the framework. Whereas the spot-checks should continue to be done regularly and in a systematic manner, compliance with these requirements is thus crucial for the continuity of the Privacy Shield and should be subject to strict monitoring and enforcement by the U.S. authorities.

False claims

The DoC detected 669 cases of false claims of particpation since the last review in October 2018. In all these cases, the DoC sent certified warning letters to the companies concerned. In most cases, companies completed their (re-)certification further to these warning letters.

The Commission services regret that the DoC does currently not have appropriate tools at its disposal to more effectively identify false claims of participation in the framework by companies that have never applied for certification.

Enforcement by the Federal Trade Commission (FTC)

Seven enforcement actions related to Privacy Shield violations were concluded. All seven cases concerned false claims of participation in the framework. The Commission services would have expected a more vigorous approach regarding enforcement action on substantive violations of the Privacy Shield Principles.

More generally, the Commission services note that it has been an important year for the FTC’s enforcement actions in the area of privacy. In particular, two major settlements were reached for alleged violations of the Children's Online Privacy Protection Rule (“COPPA”). The first case resolved the charges against YouTube to have illegally collected personal information from children without their parents’ consent. As a result of this settlement, YouTube (and its parent company Google) agreed on a $170 million penalty.

The second case, settled with a penalty of $5.7 million, concerned the FTC’s allegations against the Video Social Networking App Musical.ly (known as TikTok) for having illegally collected personal information from children without parental consent.

Access and use of personal data

The Commission services welcome clarifications, which confirm the Commission’s findings in the adequacy decision that the collection of foreign intelligence information under Section 702 the Foreign Intelligence Surveillance Act (FISA) is targeted through the use of selectors and that the choice of selectors is governed by law, subject to independent judicial and legislative oversight.

2019/10/23
   EC - Follow-up document
Details

The Commission presents its report on the third annual review of the functioning of the EU-U.S. Privacy Shield.

In its third year of operation, the Privacy Shield, which at the time of the annual review meeting had more than 5000 participating companies, has moved from the inception phase to a more operational phase. Covering both commercial aspects and issues relating to government access to personal data, the third annual review focused on the experience and lessons learnt from the practical application of the framework.

Main findings

Commercial aspects

In light of the findings of last year’s annual review, the Commission’s assessment of the commercial aspects focused notably on the progress made by the Department of Commerce on:

- Re-certification process

With respect to the re-certification process, it emerged at the third annual review that as a regular practice, at the expiration of the (re)certification period, if a company has not yet completed the re-certification process, the Department of Commerce, following an internal procedure, grants to the company a “grace period” of a significant length. During this period (for approximately 3.5 months, or, in some instances and depending on when the Department of Commerce detects that the re-certification process was not completed, even a longer period of time), the company remains on the Privacy Shield “active” list. For as long as a company is listed as participating in the Privacy Shield, the obligations under the framework remain binding and fully enforceable. However such a long period in which a company’s recertification due date has lapsed while the company continues to be listed as active Privacy Shield participant reduces the transparency and readability of the Privacy Shield list for both businesses and individuals in the EU. It also does not incentivise participating companies to rigorously comply with the annual re-certification requirement.

- Effectiveness of the “spot-checks”

With respect to proactive checks of companies’ compliance with the Privacy Shield requirements, the Department of Commerce introduced in April 2019 a system in which it checks 30 companies each month. The Commission welcomes that the Department of Commerce is carrying out proactive compliance spot-checks on a regular basis and in a systematic manner. However, it notes that these spot-checks tend to be limited to formal requirements such as the lack of response from designated points of contact or the inaccessibility of a company's privacy policy online. Compliance with these spot-checks are crucial for the continuity of the Privacy Shield and should be subject to strict monitoring and enforcement by the U.S. authorities.

- Tools to detect false claims

The Department of Commerce had continued to conduct searches on a quarterly basis, which has led to the detection of a significant number of cases of false claims, which in some instances were also referred to the Federal Trade Commission. However, these searches have so far only been aimed at companies that had in some way already been certified or applied for certification under the Privacy Shield (but, for example, were not re-certified). It is important that they also target companies that have never applied for certification under the Privacy Shield. From all kinds of false claims, the false claims from companies that never applied for certification are potentially the most harmful.

- Progress and outcome of Federal Trade Commission enforcement actions regarding violations of the Privacy Shield

The Commission noted that since last year, the Federal Trade Commission concluded seven enforcement actions related to Privacy Shield violations, including as a result of the announced ex officio sweeps. All seven cases concerned false claims of participation in the framework. The Commission welcomes the enforcement action taken by the Federal Trade Commission in the third year of operation of the Privacy Shield. However, the Commission would have expected a more vigorous approach regarding enforcement action on substantive violations of the Privacy Shield Principles.

Access and use of personal data by U.S. public authorities

The third annual review was, first of all, aimed at confirming that all the limitations and safeguards that the adequacy decision relies on remain in place. In addition, the third annual review provided an opportunity to look at new developments and to further clarify certain aspects of the legal framework, as well as the different oversight mechanisms and the possibilities for redress, in particular with respect to the handling and resolution of complaints by the Ombudsperson.

Conclusion

The information gathered in the context of the third annual review confirms the Commission’s findings in the adequacy decision, both with regard to the commercial aspects of the framework and with regard to aspects relating to access to personal data transferred under the Privacy Shield by public authorities. In this respect, the Commission noted a number of improvements in the functioning of the framework as well as appointments to key oversight bodies.

However, in light of some issues that emerged from the day-to-day experience or became more relevant in the context of the practical implementation of the framework, the Commission concludes that a number of concrete steps need to be taken to better ensure the effective functioning of the Privacy Shield in practice:

- The Department of Commerce should shorten the different time periods that are granted to companies for completing the re-certification process. A period of maximum 30 days in total would seem reasonable to allow companies sufficient time for re-certification, including for rectifying any issue identified in the re-certification process, while at the same time ensuring the effectiveness of this process. If at the end of this period the re-certification is not completed, the Department of Commerce should send out the warning letter without further delay.

- In the context of its spot-check procedure, the Department of Commerce should assess companies’ compliance with the Accountability for Onward Transfers Principle, including by making use of the possibility provided by the Privacy Shield to request a summary or a representative copy of the privacy provisions of a contract concluded by a Privacy Shield-certified company for the purposes of onward transfer.

- As a matter of priority, the Department of Commerce should develop tools for detecting false claims of participation in the Privacy Shield from companies that have never applied for certification, and use these tools in a regular and systematic manner.

- The Federal Trade Commission should, as a matter of priority, find ways to share meaningful information on ongoing investigations with the Commission, as well as with EU Data Protection Authorities that also have enforcement responsibilities under the Privacy Shield.

- The EU Data Protection Authorities, the Department of Commerce and the Federal Trade Commission should develop common guidance on the definition and treatment of human resources data in the coming months.

Lastly, the Commission will continue to follow closely the ongoing debate about federal privacy legislation in the U.S. A comprehensive approach to privacy and data protection would increase the convergence between the EU and the U.S. systems and this would strengthen the foundations on which the Privacy Shield framework has been developed.

2018/12/20
   EC - Follow-up document
2018/12/19
   EC - Follow-up document
Details

The Commission presents its second annual review of the functioning of the EU-U.S. Privacy Shield.

The EU-U.S. Privacy Shield Decision was adopted on 12 July 2016. It ensures an adequate level of protection for personal data that has been transferred from the EU to organisations in the U.S. The Decision provides for an annual evaluation of all aspects of the functioning of the framework. The first annual review took place in 2017, with the Commission concluding that the U.S. continued to ensure an adequate level of protection for personal data transferred under the Privacy Shield from the Union to organisations in the U.S. At the same time, the Commission made ten recommendations to improve the Privacy Shield framework in order to ensure that the guarantees and safeguards provided therein continued to function as intended.

This report concludes the second annual review of the functioning of the Privacy Shield and is based on information gathered from relevant stakeholders (in particular Privacy Shield-certified companies, and non-governmental organisations active in the field of digital rights and privacy), as well as from the relevant U.S. authorities involved in the implementation of the framework. The review took place in the context of the challenges to data privacy that are increasingly global in nature, as exemplified by the Facebook / Cambridge Analytica case. The report states that both sides stressed the need for vigorous enforcement actions by the EU’s Data Protection Authority and the U.S. Federal Trade Commission.

Findings

Commercial aspects : this relates to questions concerning the administration, oversight and enforcement of the obligations applying to certified companies. The Commission notes that in line with its recommendations from the first annual review, the Department of Commerce has further strengthened the certification process and introduced new oversight procedures, including: (i) a new process that requires first-time applicants to delay public representations regarding their Privacy Shield participation until their certification review is finalised by the Department of Commerce; (ii) new mechanisms to detect potential compliance issues, such as random spot-checks (at the time of the annual review, such spot checks had been performed on about 100 organisations) and the monitoring of public reports about the privacy practices of Privacy Shield participants; (iii) a quarterly review of companies that have been identified as more likely to make false claims and a system for image and text searches on the internet.

Since the first annual review, the Department of Commerce has referred more than 50 cases to the Federal Trade Commission, which in turn took enforcement action in those cases where the referral as such was not sufficient in order to make the company concerned come into compliance.

With respect to enforcement, the Commission noted that the Federal Trade Commission recently issued administrative subpoenas to request information from a number of Privacy

Shield participants. Although the Commission considers that the Federal Trade Commission's more proactive approach to compliance monitoring is an important development, it regrets that at this stage it was not possible for to provide further information on its recent investigations and will closely monitor any further developments in this regard.

Access and use of personal data by U.S. public authorities

The reauthorisation of Section 702 of the Foreign Intelligence Surveillance Act at the beginning of 2018. While the reauthorisation did not lead to the incorporation of the protections of Presidential Policy Directive 28 into the Act, as the Commission wanted, neither did it restrict any of the safeguards contained in the Act which were in place when the Privacy Shield decision was adopted. Moreover, the amendments did not expand the powers of the U.S. Intelligence Community to acquire foreign intelligence information by targeting non-U.S. persons under Section 702. Instead, the Amendments Reauthorization Act of 2017 introduced some limited additional privacy safeguards, for instance in the area of transparency.

The Privacy and Civil Liberties Oversight Board : new members of the Board have been appointed which restores the Board's quorum. The Board’s report of 16 October 2018 confirms that Presidential Policy Directive 28 is fully applied across the intelligence community, which has adopted detailed rules on the implementation of that Directive and have changed their practices in order to bring them in line with the requirements of Presidential Policy Directive 28.

Conclusions

On the basis of the findings, the Commission concludes that the United States continues to ensure an adequate level of protection for personal data transferred under the Privacy Shield from the Union to organisations in the United States. In particular, the steps taken to implement the Commission's recommendations following the first annual review have improved several aspects of the practical functioning of the framework in order to ensure that the level of protection of natural persons guaranteed by the adequacy decision is not undermined.

However, the report notes that although the Commission had recommended the swift appointment of the Privacy Shield Ombudsperson , the position of Under-Secretary in the State Department to whom the office of the Ombudsperson has been assigned had not yet been filled by a permanent appointment at the time of the report.

Accordingly, the Commission reiterates its call on the U.S. administration to confirm its political commitment to the Ombudsperson mechanism by appointing a permanent Privacy Shield Ombudsperson as a matter of priority. The Ombudsperson mechanism is an important element of the Privacy Shield framework and, while the acting Ombudsperson continues to carry out the relevant functions, the absence of a permanent appointee is highly unsatisfactory. The Commission expects the U.S. government to identify a nominee to fill the Ombudsperson position on a permanent basis by 28 February 2019.

2015/11/06
   EC - For information
2010/02/05
   EC - Follow-up document
Documents
2009/05/12
   EC - Follow-up document
Documents
2009/05/12
   EC - Follow-up document
2007/05/02
   EDPS - Document attached to the procedure
Details

OPINION OF THE EUROPEAN DATA PROTECTION SUPERVISOR on the Communication from the Commission to the European Parliament and the Council on the follow-up of the Work Programme for better implementation of the Data Protection Directive .

On 7 March 2007, the aforementioned Communication was sent by the Commission to the EDPS. In accordance with Article 41 of Regulation (EC) No 45/2001, the EDPS presents this opinion.

The Communication reiterates the importance of Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data as a milestone in the protection of personal data and discusses the Directive and its implementation. The central conclusion of the Communication is that the Directive should not be amended. The implementation of the Directive should be further improved by means of other policy instruments, most of them with a non binding nature.

The EDPS shares the central conclusion of the Commission that the Directive should not be amended in the short term . The points of departure for the EDPS are as follows: (i) in the short term, energy is best spent on improvements in the implementation of the Directive; (ii) in the longer term, changes of the Directive seem unavoidable; and (iii) a clear date for a review to prepare proposals leading to such changes should already be set now. Such a date would give a clear incentive to start the thinking about future changes already now.

According to the EDPS, the main elements for future change include:

no need for new principles, but a clear need for other administrative arrangements; the wide scope of data protection law applicable to all use of personal data should not change; data protection law should allow a balanced approach in concrete cases and should also allow data protection authorities to set priorities; the system should fully apply to the use of personal data for law enforcement purposes, although appropriate additional measures may be necessary to deal with special problems in this area.

Moreover, the EDPS suggests that the Commission specify: (i) a timeline for the activities of Chapter III of the Communication; (ii) a deadline for a subsequent report on the application of the Directive; (iii) terms of reference to measure the realisation of the activities foreseen; and (iv) indications on the way to proceed in the longer term.

The EDPS regrets that the perspective of global privacy and jurisdiction plays a limited role in the Communication and asks for practical solutions that reconcile the need for protection of the European data subjects with the territorial limitations of the European Union and its Member States, such as: (i) the further development of a Global Framework for data protection; (ii) the further development of the special regime for transfer of data to third countries; (iii) international agreements on jurisdiction or similar agreements with third countries; and (iv) investing in mechanisms for global compliance, such as the use of binding corporate rules by multinational companies. The EDPS invites the Commission to start developing a vision on this perspective, together with most relevant stakeholders.

On law enforcement , the EDPS has the following suggestions to the Commission:

further reflection on the implications of the involvement of private companies in law enforcement activities; preserve the effet utile of Article 13 of the Directive, possibly by proposing legislation aiming at harmonizing the conditions and the safeguards for using the exemptions of Article 13.

Full implementation of the Directive means: (i) that it be ensured that the Member States fully comply with their obligations under European law; and (ii) that other, non binding tools, that could be instrumental to a high and harmonised level of data protection be fully used. The EDPS asks from the Commission to clearly indicate how it will use the different instruments.

In relation to those instruments :

in certain cases, specific legislative action at EU level may be necessary; the Commission is encouraged to pursue a better implementation of the Directive through infringement procedures; the Commission is invited to use the instrument of an interpretative communication for the following issues: (i) the concept of personal data; (ii) the definition of the role of data controller or data processor; (iii) the determination of applicable law; (iv) the purpose limitation principle and incompatible use; and (v) legal grounds for processing, especially with regard to unambiguous consent and balance of interests; non binding instruments include instruments building on the concept of ‘privacy by design’; for longer term also: (i) class actions; (ii) actions initiated by legal persons whose activities are designed to protect the interests of certain categories of persons; (iii) obligations for data controllers to notify security breaches to data subjects; and (iv) provisions facilitating the use of privacy seals or third-party privacy audits in a trans-national setting.

Lastly, the EDPS invites the Commission to present a paper to the Working Party giving clear indications on the division of roles between them.

2007/03/07
   EC - Follow-up document
Details

The Commission's first report on the implementation of Directive 95/46/EC (please refer to the summary of 15/05/2003) contained a Work Programme for better implementation of the data protection

Directive . This Communication examines the work conducted under this programme, assesses the present situation, and outlines the prospects for the future as a condition for success in a number of policy areas in the light of Article 8 of the European Charter of Fundamental Rights, recognising an autonomous right to the protection of personal data.

The Commission considers that the Directive lays down a general legal framework that is substantially appropriate and technologically neutral . The harmonised set of rules ensuring a high standard of protection for personal data throughout the EU has brought considerable benefits for citizens, business and authorities. It protects individuals against general surveillance or undue discrimination on the basis of the information others hold on them. The trust of consumers that personal details they provide in their transactions will not be misused is a condition for the development of e-commerce. Business operate and administrations cooperate throughout the Community without fearing that their international activities be disrupted because personal data they need to exchange are not protected at the origin or the destination.

The Commission details the work that has been carried out under 10 action areas since the publication of the first report. This includes a “structured dialogue" with Member States on national transposition, and a detailed analysis of national legislation and discussions with national authorities aimed at bringing national legislation fully in line with the requirements of the Directive.

Overview of implementation of the Directive: the Commission states that implementation has improved . A ll Member States have now transposed the Directive. On the whole, national transposition covers all the main provisions along the lines of the Directive. The actions undertaken under the Work Programme have been positive and have substantially contributed to improving the implementation of the Directive throughout the Community. The decisive involvement of the national data protection supervisory authorities through their participation in the Working Party has played a major role. However, some countries have not yet properly implemented the Directive . One concern is respect for the requirement that data protection supervisory authorities act in complete independence and are endowed with sufficient powers and resources to exercise their tasks. These authorities are key building blocks in the system of protection conceived by the Directive, and any failure to ensure their independence and powers has a wide-ranging negative impact on the enforcement of the data protection legislation.

In some case divergences arise within the margin of manoeuvre of the Directive. However, a study shows that despite some divergences, the Directive has been implemented with modest costs for firms.

No evidence is found among the complaints received by the Commission that national divergences within the limits of the Directive may actually obstruct the proper functioning of the internal market or limit the free flow of data on grounds of a lack or inadequacy of protection in the country of origin or destination. Nor do constraints within their country of establishment distort competition between private operators. The Directive is therefore fulfilling its objectives: to secure the free flow of personal data within the internal market while ensuring a high level of protection in the Community. The Commission goes on to state that the legal solutions provided by the Directive, beyond achieving harmonisation, are themselves appropriate to the issues at stake. It considers the requirements imposed by public interests, such as the International Agreement with the US to address the use of passengers' PNR data and states its commitment to respecting the Charter of Fundamental Rights in all its proposals.

The way ahead : the Commission intends to pursue a policy characterized by the following elements:

- the Directive should not be amended, since the Data Protection Directive constitutes a general legal framework which fulfils its original objectives by constituting a sufficient guarantee for the functioning of the Internal Market while ensuring a high level of protection;

- the Commission will pursue proper implementation of its provisions at national and international level.

- it will produce an interpretative communication on some provisions. The problems identified in implementing particular provisions of the Directive that may lead to formal infringement procedures correspond to an understanding by the Commission about the meaning of the provisions in the Directive and about the correct way to implement them, taking into account the case law, as well as the interpretation work conducted by the Working Party. Such ideas will be clearly set forth in an interpretative communication;

- the Commission encourages all actors involved to endeavour to reduce national divergences. Different activities will be conducted for this purpose. The Work Programme will continue and the Working Party should improve its contribution to harmonising practice. The Commission will consider the challenges of new technologies. Where a particular technology is found to consistently pose questions as regards the application of the data protection principles, and its widespread use or potential intrusiveness is considered to justify more stringent measures, the Commission could propose sector- specific legislation at EU level in order to apply those principles to the specific requirements of the technology in question.

- the Commission considers the task of providing a coherent response to the demand for public interest uses, especially for security. In striking the important balance between measures to ensure security and protect nonnegotiable fundamental rights, the Commission makes sure that it protects personal data as guaranteed by Article 8 of the Charter of Fundamental Rights. The EU works with external partners also. In particular the EU and USA have a continuous transatlantic dialogue to discuss information sharing and the protection of personal data for law enforcement purposes. The Commission will consider the implementation of the Directive once again upon conclusion of the measures laid out in this Communication.

Lastly, it will continue to monitor the implementation of the Directive, work with all stakeholders to further reduce national divergences, and study the need for sector-specific legislation to apply data protection principles to new technologies and to satisfy public security needs.

2005/09/06
   EU - Implementing legislative act
Details

ACT : Commission Decision 2006/253/EC on the adequate protection of personal data contained in the Passenger Name Record of air passengers transferred to the Canada Border Services Agency.

CONTENT : Pursuant to Directive 95/46/EC, Member States are required to provide that the transfer of personal data to a third country may take place only if the third country in question ensures an adequate level of protection and if the Member States’ laws implementing other provisions of the Directive are complied with prior to the transfer.

In the framework of air transport, the ‘Passenger Name Record’ (PNR) is a record of each passenger’s travel requirements which contains all information necessary to enable reservations to be processed and controlled by the booking and participating airlines.

The Decision provides that for the purposes of Article 25(2) of Directive 95/46/EC, the Canadian Customs Border Services Agency (CBSA) is considered to ensure an adequate level of protection for PNR data transferred from the Community concerning flights bound for Canada in accordance with the Commitments set out in the Annex. The competent authorities in Member States may exercise their existing powers to suspend data flows to the CBSA in order to protect individuals with regard to the processing of their personal data in the following cases:

- where a competent Canadian authority has determined that the CBSA is in breach of the applicable standards of protection; or

- where there is a substantial likelihood that the standards of protection set out in the Annex are being infringed, there are reasonable grounds for believing that the CBSA is not taking or will not take adequate and timely steps to settle the case at issue, the continuing transfer would create an imminent risk of grave harm to data subjects and the competent authorities in the Member State have made reasonable efforts in the circumstances to provide the CBSA with notice and an opportunity to respond.

Suspension shall cease as soon as the standards of protection are assured and the competent authorities of the Member States concerned are notified.

Member States shall take all the measures necessary to comply with the Decision within four months of the date of its notification.

The Decision will expire three years and six months after the date of its notification, unless extended in accordance with the procedure set out in Article 31(2) of Directive 95/46/EC.

2004/05/14
   EU - Implementing legislative act
Details

PURPOSE : to establish the level of protection for PNR data transferred from the Community concerning flights to or from the United States, pursuant to Directive 95/46/EC.

LEGISLATIVE ACT : Commission Decision 2004/535/CE on the adequate protection of personal data contained in the Passenger Name Record of air passengers transferred to the United States’ Bureau of Customs and Border Protection

CONTENT : Pursuant to Directive 95/46/EC, Member States are required to provide that the transfer of personal data to a third country may take place only if the third country in question ensures an adequate level of protection and if the Member States’ laws implementing other provisions of the Directive are complied with prior to the transfer.

In the framework of air transport, the ‘Passenger Name Record’ (PNR) is a record of each passenger’s travel requirements which contains all information necessary to enable reservations to be processed and controlled by the booking and participating airlines.

It should be noted that the Council has adopted Decision 2004/496/EC on the conclusion of an Agreement between the European Community and the United States of America on the processing and transfer of PNR data by Air Carriers to the United States Department of Homeland Security, Bureau of Customs and Border Protection. (Please refer to CNS/2004/0064.) This Decision was adopted in the context of the fight against terrorism.

The United States Bureau of Customs and Border Protection (CBP) of the Department of Homeland Security (DHS) requires each carrier, operating passenger flights in foreign air transportation to or from the United States, to provide it with electronic access to PNR to the extent that PNR is collected and contained in the air carrier’s automated reservation system.

This Decision provides that for the purposes of Article 25(2) of Directive 95/46/EC, the United States’ Bureau of Customs and Border Protection ( CBP) is considered to ensure an adequate level of protection for PNR data transferred from the Community concerning flights to or from the United States, in accordance with the Undertakings set out in the Annex. The Decision aims to establish a framework of rules for data to be transferred.

The transfer of date by EU airlines will be governed by certain “Undertakings of the Department of Homeland Security Bureau of Customs and Border Protection (CBP) . The standards by which CBP will process passengers’ PNR data on the basis of United States legislation and the Undertakings cover the basic principles necessary for an adequate level of protection for natural persons:

- As regards the purpose limitation principle, air passengers’ personal data contained in the PNR transferred to CBP will be processed for a specific purpose and subsequently used or further communicated only in so far as this is not incompatible with the purpose of the transfer. In particular, PNR data will be used strictly for purposes of preventing and combating: terrorism and related crimes; other serious crimes, including organised crime, that are transnational in nature; and flight from warrants or custody for those crimes.

- As regards the data quality and proportionality principle, which need to be considered in relation to the important public interest grounds for which PNR data are transferred, PNR data provided to CBP will not subsequently be changed by it. A maximum of 34 PNR data categories will be transferred and the United States authorities will consult the Commission before adding any new requirements. Additional personal information sought as a direct result of PNR data will be obtained from sources outside the government only through lawful channels. As a general rule, PNR will be deleted after a maximum of three years and six months, with exceptions for data that have been accessed for specific investigations, or otherwise manually accessed.

-As regards the transparency principle, CBP will provide information to travellers as to the purpose of the transfer and processing, and the identity of the data controller in the third country, as well as other information.

-As regards the security principle, technical and organisational security measures are taken by CBP which are appropriate to the risks presented by the processing.

It should be noted that the rights of access and rectification are recognised, in that the data subject may request a copy of PNR data and rectification of inaccurate data.

Onward transfers will be made to other government authorities, including foreign government authorities, with counter-terrorism or law-enforcement functions, on a case-by-case basis, for purposes that correspond to those set out in the statement of purpose limitation. Transfers may also be made for the protection of the vital interests of the data subject or of other persons, in particular as regards significant health risks, or in any criminal judicial proceedings or as otherwise required by law. Receiving agencies are bound by the express terms of disclosure to use the data only for those purposes and may not transfer the data onwards without the agreement of CBP.

The competent authorities in Member States may exercise their existing powers to suspend data flows to CBP in order to protect individuals with regard to the processing of their personal data in certain cases.

The Decision will expire three years and six months after the date of its notification, unless extended in accordance with the procedure set out in Article 31(2) of Directive 95/46/EC.

ENTRY INTO FORCE: Member States shall take all the measures necessary to comply with the Decision within four months of the date of its notification.

2003/05/15
   EC - Follow-up document
1995/11/23
   Final act published in Official Journal
Details

OBJECTIVE: to facilitate the free movement of data within the Community by ensuring a high level of protection for individuals in relation to the processing of personal data. COMMUNITY MEASURE: European Parliament and Council Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data. SUBSTANCE:

The directive establishes the common basic rules for the protection of individuals in relation to personal data; A high level of protection is guaranteed through the obligations imposed on those responsible for processing data (public authorities, enterprises, agencies, etc.) and through the rights conferred on individuals whose data is the subject of processing; The obligations imposed on those responsible for processing relate to the quality of the data, insofar as processing must have an explicit and legitimate purpose, security and notification to an independent supervisory authority, which must be created by the Member States; The directive covers in general the collection, adaptation, use, interconnection and erasure of personal data; Member States shall prohibit the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life; Member States shall provide for exemptions or derogations for the processing of personal data carried out solely for journalistic purposes or the purpose of artistic or literary expression only if they are necessary to reconcile the right to privacy with the rules governing freedom of expression; The data subject has the right to be informed of the processing being carried out and the data being used, to request that the data be rectified if it is incorrect and to object to the processing; The directive also relates to the confidentiality and security of processing. It covers both the private and public sectors, with the exception of the provisions concerning the CFSP, cooperation on justice and home affairs, public safety, and national defence and security.

Deadline for the transposal of the directive into national legislation: 24 October 1998.

1995/10/24
   CSL - Final act signed
1995/10/24
   EP - End of procedure in Parliament
1995/07/24
   CSL - Act approved by Council, 2nd reading
Details

After agreeing to the amendments made by the European Parliament at second reading, the Council unanimously (with the United Kingdom abstaining) adopted the Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Member States have three years in which to transpose the Directive into their national legislation. The Danish delegation made the following statement to explain how it had voted: ‘ Denmark can accept the European Parliament’s amendments to the Directive and can therefore agree to the definitive adoption of the Directive by the Council. Denmark nevertheless regrets that it has not proved possible to reach the consensus needed within the Council for the European Parliament to be informed of the content of the statements entered in the minutes. Denmark considers that the request made by the President of the European Parliament to the President of the Council (General Affairs) revealed the need to bring to a swift conclusion the current discussions on the publication of the statements entered in the minutes in the interests of greater transparency of the work of the Council’.

1995/07/24
   CSL - Council Meeting
1995/07/18
   EC - Commission opinion on Parliament's position at 2nd reading
1995/06/15
   EP - Text adopted by Parliament, 2nd reading
1995/06/15
   EP - Decision by Parliament, 2nd reading
Documents
1995/06/14
   EP - Debate in Parliament
Details

Commissioner MONTI stated that he could accept the first 7 amendments, which clarified the text of the common position. With regard to the committee procedure, and in particular the choice of committee, the Commission could agree to replace the advisory committee suggested in the initial proposal with a management committee, which was not too far removed from a regulatory committee, which had been the choice of the Council, in terms of the powers conferred upon the Commission. Amendment No 8 on a very specific situation could not be included in the framework directive, which was limited to providing the general criteria for identifying the data controller. Finally, the Commissioner reiterated the Commission’s commitment to ensuring the protection of individuals through the same guarantees that applied to the processing of personal data in all of the Union’s activities, at Community, intergovernmental and national level.

1995/05/23
   EP - Committee recommendation tabled for plenary, 2nd reading
1995/05/23
   EP - Vote in committee, 2nd reading
1995/05/22
   EP - Committee recommendation tabled for plenary, 2nd reading
Documents
1995/03/15
   EP - Committee referral announced in Parliament, 2nd reading
1995/02/24
   EC - Commission communication on Council's position
1995/02/20
   CSL - Council position
1995/02/20
   CSL - Council Meeting
1995/02/19
   CSL - Council position published
Documents
1995/02/06
   CSL - Council Meeting
1994/12/08
   CSL - Council Meeting
1994/12/01
   CSL - Debate in Council
Documents
1994/12/01
   CSL - Council Meeting
1994/07/26
   EP - MEDINA ORTEGA Manuel (PES) appointed as rapporteur in JURI
1994/06/16
   CSL - Debate in Council
Documents
1994/06/16
   CSL - Council Meeting
1993/12/02
   EP - Text adopted by Parliament confirming position adopted at 1st reading
1993/12/02
   EP - Decision by Parliament, 1st reading
Documents
1993/11/23
   EP - Committee final report tabled for plenary, 1st reading/single reading
1993/11/23
   EP - Vote in committee, 1st reading
1993/11/22
   EP - Committee report tabled for plenary confirming Parliament's position
Documents
1993/11/10
   EC - Reconsultation
1992/10/15
   EC - Modified legislative proposal
1992/10/14
   EC - Modified legislative proposal published
1992/03/11
   EP - Text adopted by Parliament, 1st reading/single reading
1992/03/11
   EP - Decision by Parliament, 1st reading
Documents
1992/02/10
   EP - Debate in Parliament
1991/04/24
   ESC - Economic and Social Committee: opinion, report
1990/10/30
   EP - HERMAN Fernand H.J. (PPE) appointed as rapporteur in ECON
1990/10/12
   EP - Committee referral announced in Parliament, 1st reading
1990/09/24
   EC - Legislative proposal
1990/09/23
   EC - Legislative proposal published

Documents

History

(these mark the time of scraping, not the official date of the change)

docs/0
date
1991-04-24T00:00:00
docs
summary
type
Economic and Social Committee: opinion, report
body
ESC
docs/0
date
1990-09-24T00:00:00
docs
summary
type
Legislative proposal
body
EC
docs/1
date
1991-04-24T00:00:00
docs
summary
type
Economic and Social Committee: opinion, report
body
ESC
docs/1/docs/1/url
Old
https://eur-lex.europa.eu/JOHtml.do?uri=OJ:C:1991:159:SOM:EN:HTML
New
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:1991:159:TOC
docs/2
date
1992-10-15T00:00:00
docs
summary
type
Modified legislative proposal
body
EC
docs/3
date
1992-10-15T00:00:00
docs
summary
type
Modified legislative proposal
body
EC
docs/3/docs/1/url
Old
https://eur-lex.europa.eu/JOHtml.do?uri=OJ:C:1992:311:SOM:EN:HTML
New
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:1992:311:TOC
docs/6
date
1994-03-01T00:00:00
docs
title: PE207.257
type
Committee draft report
body
EP
docs/9
date
1995-05-23T00:00:00
docs
type
Committee recommendation tabled for plenary, 2nd reading
body
EP
docs/9
date
1995-05-12T00:00:00
docs
title: PE212.830/DEF
committee
ECON
type
Committee opinion
body
EP
docs/10
date
1995-06-15T00:00:00
docs
summary
type
Text adopted by Parliament, 2nd reading
body
EP
docs/10
date
1995-05-18T00:00:00
docs
title: PE212.057/AM
type
Amendments tabled in committee
body
EP
docs/10/docs/0/url
Old
https://eur-lex.europa.eu/JOHtml.do?uri=OJ:C:1995:166:SOM:EN:HTML
New
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:1995:166:TOC
docs/11
date
1995-05-23T00:00:00
docs
type
Committee recommendation tabled for plenary, 2nd reading
body
EP
docs/12
date
1995-06-15T00:00:00
docs
summary
type
Text adopted by Parliament, 2nd reading
body
EP
docs/12
date
2003-05-15T00:00:00
docs
summary
type
Follow-up document
body
EC
docs/13
date
2004-05-14T00:00:00
docs
summary
type
Implementing legislative act
body
EU
docs/13/docs/1/url
Old
https://eur-lex.europa.eu/JOHtml.do?uri=OJ:L:2004:235:SOM:EN:HTML
New
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L:2004:235:TOC
docs/14
date
2003-05-15T00:00:00
docs
summary
type
Non-legislative basic document
body
EC
docs/15
date
2004-05-14T00:00:00
docs
summary
type
Implementing legislative act
body
EU
docs/16
date
2007-05-02T00:00:00
docs
summary
type
Document attached to the procedure
body
EDPS
docs/16/docs/1/url
Old
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:2007:255:TOC
New
https://eur-lex.europa.eu/JOHtml.do?uri=OJ:C:2007:255:SOM:EN:HTML
docs/18
date
2007-05-02T00:00:00
docs
summary
type
Document attached to the procedure
body
EDPS
events/0/date
Old
1990-09-24T00:00:00
New
1990-09-23T00:00:00
events/4/date
Old
1992-10-15T00:00:00
New
1992-10-14T00:00:00
events/6/date
Old
1993-11-23T00:00:00
New
1993-11-22T00:00:00
events/10/date
Old
1995-02-20T00:00:00
New
1995-02-19T00:00:00
events/13
date
1995-05-22T00:00:00
type
Committee recommendation tabled for plenary, 2nd reading
body
EP
docs
url: https://www.europarl.europa.eu/doceo/document/A-4-1995-0120_EN.html title: A4-0120/1995
events/13
date
1995-05-23T00:00:00
type
Committee recommendation tabled for plenary, 2nd reading
body
EP
docs
title: A4-0120/1995
docs/0/docs/0/url
Old
https://dm.eesc.europa.eu/EESCDocumentSearch/Pages/redresults.aspx?k=(documenttype:AC)(documentnumber:0569)(documentyear:1991)(documentlanguage:EN)
New
https://dmsearch.eesc.europa.eu/search/public?k=(documenttype:AC)(documentnumber:0569)(documentyear:1991)(documentlanguage:EN)
docs/2/docs/1/url
Old
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:1992:311:TOC
New
https://eur-lex.europa.eu/JOHtml.do?uri=OJ:C:1992:311:SOM:EN:HTML
docs/5/docs/0/url
Old
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:1993:342:TOC
New
https://eur-lex.europa.eu/JOHtml.do?uri=OJ:C:1993:342:SOM:EN:HTML
docs/11/docs/0/url
Old
https://eur-lex.europa.eu/JOHtml.do?uri=OJ:C:1995:166:SOM:EN:HTML
New
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:1995:166:TOC
docs/12/docs/0/url
Old
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:1995:166:TOC
New
https://eur-lex.europa.eu/JOHtml.do?uri=OJ:C:1995:166:SOM:EN:HTML
docs/14
date
2003-05-15T00:00:00
docs
summary
type
Non-legislative basic document
body
EC
docs/14
date
2003-05-15T00:00:00
docs
summary
type
Follow-up document
body
EC
docs/15/docs/1/url
Old
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L:2004:235:TOC
New
https://eur-lex.europa.eu/JOHtml.do?uri=OJ:L:2004:235:SOM:EN:HTML
docs/17/docs/0/url
Old
http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2007/0087/COM_COM(2007)0087_EN.pdf
New
http://www.europarl.europa.eu/registre/docs_autres_institutions/commission_europeenne/com/2007/0087/COM_COM(2007)0087_EN.pdf
docs/18
date
2007-05-02T00:00:00
docs
summary
type
Document attached to the procedure
body
EDPS
docs/18
date
2007-05-02T00:00:00
docs
summary
type
Document attached to the procedure
body
EDPS
docs/19/docs/0/url
https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:[%SECTOR]2009[%DESCRIPTOR]3200:EN:NOT
docs/20/docs/0/url
Old
http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/sec/2009/0585/COM_SEC(2009)0585_EN.pdf
New
http://www.europarl.europa.eu/registre/docs_autres_institutions/commission_europeenne/sec/2009/0585/COM_SEC(2009)0585_EN.pdf
docs/21/docs/0/url
https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:[%SECTOR]2010[%DESCRIPTOR]0593:EN:NOT
docs/25/docs/1
url
https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=COMfinal&an_doc=2019&nu_doc=0495
title
EUR-Lex
docs/26/docs/0
url
https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=SWD:2019:0390:FIN:EN:PDF
title
EUR-Lex
events/1/type
Old
Committee referral announced in Parliament, 1st reading/single reading
New
Committee referral announced in Parliament, 1st reading
events/2/docs/0/url
Old
http://www.europarl.europa.eu/sides/getDoc.do?secondRef=TOC&language=EN&reference=19920210&type=CRE
New
https://www.europarl.europa.eu/doceo/document/EN&reference=19920210&type=CRE
events/3/type
Old
Decision by Parliament, 1st reading/single reading
New
Decision by Parliament, 1st reading
events/5/type
Old
Vote in committee, 1st reading/single reading
New
Vote in committee, 1st reading
events/7/type
Old
Decision by Parliament, 1st reading/single reading
New
Decision by Parliament, 1st reading
events/14/docs/0/url
Old
http://www.europarl.europa.eu/sides/getDoc.do?secondRef=TOC&language=EN&reference=19950614&type=CRE
New
https://www.europarl.europa.eu/doceo/document/EN&reference=19950614&type=CRE
events/19/docs/1/url
Old
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L:1995:281:TOC
New
https://eur-lex.europa.eu/JOHtml.do?uri=OJ:L:1995:281:SOM:EN:HTML
committees/0
type
Responsible Committee
body
EP
associated
False
committee_full
Legal Affairs, Citizens' Rights
committee
JURI
rapporteur
name: MEDINA ORTEGA Manuel date: 1994-07-26T00:00:00 group: Party of European Socialists abbr: PES
committees/0
type
Responsible Committee
body
EP
associated
False
committee_full
Legal Affairs, Citizens' Rights
committee
JURI
date
1994-07-26T00:00:00
rapporteur
name: MEDINA ORTEGA Manuel group: Party of European Socialists abbr: PES
committees/1
type
Committee Opinion
body
EP
associated
False
committee_full
Economic and Monetary Affairs, Industrial Policy
committee
ECON
rapporteur
name: HERMAN Fernand H.J. date: 1990-10-30T00:00:00 group: European People's Party (Christian Democrats) abbr: PPE
committees/1
type
Committee Opinion
body
EP
associated
False
committee_full
Economic and Monetary Affairs, Industrial Policy
committee
ECON
date
1990-10-30T00:00:00
rapporteur
name: HERMAN Fernand H.J. group: European People's Party (Christian Democrats) abbr: PPE
docs/4/docs/0/url
Old
https://eur-lex.europa.eu/JOHtml.do?uri=OJ:C:1993:342:SOM:EN:HTML
New
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:1993:342:TOC
docs/11/docs/0/url
Old
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:1995:166:TOC
New
https://eur-lex.europa.eu/JOHtml.do?uri=OJ:C:1995:166:SOM:EN:HTML
docs/12/docs/0/url
Old
https://eur-lex.europa.eu/JOHtml.do?uri=OJ:C:1995:166:SOM:EN:HTML
New
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:1995:166:TOC
docs/17/docs/0/url
Old
http://www.europarl.europa.eu/registre/docs_autres_institutions/commission_europeenne/com/2007/0087/COM_COM(2007)0087_EN.pdf
New
http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2007/0087/COM_COM(2007)0087_EN.pdf
docs/20/docs/0/url
Old
http://www.europarl.europa.eu/registre/docs_autres_institutions/commission_europeenne/sec/2009/0585/COM_SEC(2009)0585_EN.pdf
New
http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/sec/2009/0585/COM_SEC(2009)0585_EN.pdf
docs/25
date
2019-10-23T00:00:00
docs
url: http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2019/0495/COM_COM(2019)0495_EN.pdf title: COM(2019)0495
summary
type
Follow-up document
body
EC
docs/26
date
2019-10-24T00:00:00
docs
title: SWD(2019)0390
summary
type
Follow-up document
body
EC
events/19/docs/1/url
Old
https://eur-lex.europa.eu/JOHtml.do?uri=OJ:L:1995:281:SOM:EN:HTML
New
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L:1995:281:TOC
docs/0/docs/1/url
Old
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:1991:159:TOC
New
https://eur-lex.europa.eu/JOHtml.do?uri=OJ:C:1991:159:SOM:EN:HTML
docs/2/docs/1/url
Old
https://eur-lex.europa.eu/JOHtml.do?uri=OJ:C:1992:311:SOM:EN:HTML
New
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:1992:311:TOC
docs/4/docs/0/url
Old
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:1993:342:TOC
New
https://eur-lex.europa.eu/JOHtml.do?uri=OJ:C:1993:342:SOM:EN:HTML
docs/5/docs/0/url
Old
https://eur-lex.europa.eu/JOHtml.do?uri=OJ:C:1993:342:SOM:EN:HTML
New
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:1993:342:TOC
docs/12/docs/0/url
Old
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:1995:166:TOC
New
https://eur-lex.europa.eu/JOHtml.do?uri=OJ:C:1995:166:SOM:EN:HTML
docs/14/docs/0/url
Old
http://www.europarl.europa.eu/registre/docs_autres_institutions/commission_europeenne/com/2003/0265/COM_COM(2003)0265_EN.pdf
New
http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2003/0265/COM_COM(2003)0265_EN.pdf
docs/15/docs/1/url
Old
https://eur-lex.europa.eu/JOHtml.do?uri=OJ:L:2004:235:SOM:EN:HTML
New
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L:2004:235:TOC
docs/17/docs/0/url
Old
http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2007/0087/COM_COM(2007)0087_EN.pdf
New
http://www.europarl.europa.eu/registre/docs_autres_institutions/commission_europeenne/com/2007/0087/COM_COM(2007)0087_EN.pdf
docs/18/docs/0/url
Old
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:2007:255:TOC
New
https://eur-lex.europa.eu/JOHtml.do?uri=OJ:C:2007:255:SOM:EN:HTML
docs/20/docs/0/url
Old
http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/sec/2009/0585/COM_SEC(2009)0585_EN.pdf
New
http://www.europarl.europa.eu/registre/docs_autres_institutions/commission_europeenne/sec/2009/0585/COM_SEC(2009)0585_EN.pdf
activities
  • date: 1990-09-24T00:00:00 docs: url: http://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=COMfinal&an_doc=1990&nu_doc=314 title: COM(1990)0314 type: Legislative proposal published celexid: CELEX:51990DC0314:EN body: EC commission: type: Legislative proposal published
  • date: 1990-10-12T00:00:00 body: EP type: Committee referral announced in Parliament, 1st reading/single reading committees: body: EP responsible: False committee: ECON date: 1990-10-30T00:00:00 committee_full: Economic and Monetary Affairs, Industrial Policy rapporteur: group: PPE name: HERMAN Fernand H.J. body: EP responsible: True committee: JURI date: 1994-07-26T00:00:00 committee_full: Legal Affairs, Citizens' Rights rapporteur: group: PSE name: MEDINA ORTEGA Manuel
  • date: 1992-02-10T00:00:00 docs: url: http://www.europarl.europa.eu/sides/getDoc.do?secondRef=TOC&language=EN&reference=19920210&type=CRE type: Debate in Parliament title: Debate in Parliament body: EP type: Debate in Parliament
  • date: 1992-03-11T00:00:00 docs: type: Decision by Parliament, 1st reading/single reading title: T3-0140/1992 body: EP type: Decision by Parliament, 1st reading/single reading
  • date: 1992-10-15T00:00:00 docs: url: http://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=COMfinal&an_doc=1992&nu_doc=422 title: COM(1992)0422 type: Modified legislative proposal published celexid: CELEX:51992PC0422:EN body: EC commission: type: Modified legislative proposal published
  • date: 1993-11-23T00:00:00 docs: type: Committee report tabled for plenary confirming Parliament's position title: A3-0364/1993 body: unknown type: Committee report tabled for plenary confirming Parliament's position
  • date: 1993-11-23T00:00:00 body: EP type: Vote in committee, 1st reading/single reading committees: body: EP responsible: False committee: ECON date: 1990-10-30T00:00:00 committee_full: Economic and Monetary Affairs, Industrial Policy rapporteur: group: PPE name: HERMAN Fernand H.J. body: EP responsible: True committee: JURI date: 1994-07-26T00:00:00 committee_full: Legal Affairs, Citizens' Rights rapporteur: group: PSE name: MEDINA ORTEGA Manuel
  • date: 1993-12-02T00:00:00 docs: type: Decision by Parliament, 1st reading/single reading title: T3-0681/1993 body: EP type: Decision by Parliament, 1st reading/single reading
  • body: CSL meeting_id: 1769 docs: url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=1769*&MEET_DATE=16/06/1994 type: Debate in Council title: 1769 council: Competitiveness (Internal Market, Industry, Research and Space) date: 1994-06-16T00:00:00 type: Council Meeting
  • body: CSL meeting_id: 1810 docs: url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=1810*&MEET_DATE=01/12/1994 type: Debate in Council title: 1810 council: Research date: 1994-12-01T00:00:00 type: Council Meeting
  • date: 1994-12-08T00:00:00 body: CSL type: Council Meeting council: Competitiveness (Internal Market, Industry, Research and Space) meeting_id: 1815
  • date: 1995-02-06T00:00:00 body: CSL type: Council Meeting council: General Affairs meeting_id: 1827
  • body: CSL meeting_id: 1828 docs: url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=ADV&RESULTSET=1&DOC_ID=12003%2F94&DOC_LANCD=EN&ROWSPP=25&NRROWS=500&ORDERBY=DOC_DATE+DESC type: Council position published title: 12003/3/1994 council: Economic and Financial Affairs ECOFIN date: 1995-02-20T00:00:00 type: Council Meeting
  • date: 1995-03-15T00:00:00 body: EP type: Committee referral announced in Parliament, 2nd reading committees: body: EP responsible: True committee: JURI date: 1994-07-26T00:00:00 committee_full: Legal Affairs, Citizens' Rights rapporteur: group: PSE name: MEDINA ORTEGA Manuel
  • body: EP committees: body: EP responsible: True committee: JURI date: 1994-07-26T00:00:00 committee_full: Legal Affairs, Citizens' Rights rapporteur: group: PSE name: MEDINA ORTEGA Manuel docs: type: Committee recommendation tabled for plenary, 2nd reading title: A4-0120/1995 date: 1995-05-23T00:00:00 type: Vote in committee, 2nd reading
  • date: 1995-06-14T00:00:00 docs: url: http://www.europarl.europa.eu/sides/getDoc.do?secondRef=TOC&language=EN&reference=19950614&type=CRE type: Debate in Parliament title: Debate in Parliament body: EP type: Debate in Parliament
  • date: 1995-06-15T00:00:00 docs: type: Decision by Parliament, 2nd reading title: T4-0296/1995 body: EP type: Decision by Parliament, 2nd reading
  • body: CSL meeting_id: 1866 council: Budget date: 1995-07-24T00:00:00 type: Council Meeting
  • date: 1995-10-24T00:00:00 body: CSL type: Final act signed
  • date: 1995-10-24T00:00:00 body: EP type: End of procedure in Parliament
  • date: 1995-11-23T00:00:00 type: Final act published in Official Journal docs: url: http://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!CELEXnumdoc&lg=EN&numdoc=31995L0046 title: Directive 1995/46 url: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L:1995:281:TOC title: OJ L 281 23.11.1995, p. 0031
committees/0
type
Responsible Committee
body
EP
associated
False
committee_full
Legal Affairs, Citizens' Rights
committee
JURI
date
1994-07-26T00:00:00
rapporteur
name: MEDINA ORTEGA Manuel group: Party of European Socialists abbr: PES
committees/0
body
EP
responsible
False
committee
ECON
date
1990-10-30T00:00:00
committee_full
Economic and Monetary Affairs, Industrial Policy
rapporteur
group: PPE name: HERMAN Fernand H.J.
committees/1
type
Committee Opinion
body
EP
associated
False
committee_full
Economic and Monetary Affairs, Industrial Policy
committee
ECON
date
1990-10-30T00:00:00
rapporteur
name: HERMAN Fernand H.J. group: European People's Party (Christian Democrats) abbr: PPE
committees/1
body
EP
responsible
True
committee
JURI
date
1994-07-26T00:00:00
committee_full
Legal Affairs, Citizens' Rights
rapporteur
group: PSE name: MEDINA ORTEGA Manuel
council
  • body: CSL type: Council Meeting council: Budget meeting_id: 1866 url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=1866*&MEET_DATE=24/07/1995 date: 1995-07-24T00:00:00
  • body: CSL type: Council Meeting council: Economic and Financial Affairs ECOFIN meeting_id: 1828 url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=1828*&MEET_DATE=20/02/1995 date: 1995-02-20T00:00:00
  • body: CSL type: Council Meeting council: General Affairs meeting_id: 1827 url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=1827*&MEET_DATE=06/02/1995 date: 1995-02-06T00:00:00
  • body: CSL type: Council Meeting council: Competitiveness (Internal Market, Industry, Research and Space) meeting_id: 1815 url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=1815*&MEET_DATE=08/12/1994 date: 1994-12-08T00:00:00
  • body: CSL type: Council Meeting council: Research meeting_id: 1810 url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=1810*&MEET_DATE=01/12/1994 date: 1994-12-01T00:00:00
  • body: CSL type: Council Meeting council: Competitiveness (Internal Market, Industry, Research and Space) meeting_id: 1769 url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=1769*&MEET_DATE=16/06/1994 date: 1994-06-16T00:00:00
docs
  • date: 1991-04-24T00:00:00 docs: url: https://dm.eesc.europa.eu/EESCDocumentSearch/Pages/redresults.aspx?k=(documenttype:AC)(documentnumber:0569)(documentyear:1991)(documentlanguage:EN) title: CES0569/1991 url: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:1991:159:TOC title: OJ C 159 17.06.1991, p. 0038 summary: type: Economic and Social Committee: opinion, report body: ESC
  • date: 1992-03-11T00:00:00 docs: url: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:1992:094:TOC title: OJ C 094 13.04.1992, p. 0077-0198 title: T3-0140/1992 summary: type: Text adopted by Parliament, 1st reading/single reading body: EP
  • date: 1992-10-15T00:00:00 docs: url: https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=COMfinal&an_doc=1992&nu_doc=422 title: EUR-Lex url: https://eur-lex.europa.eu/JOHtml.do?uri=OJ:C:1992:311:SOM:EN:HTML title: OJ C 311 27.11.1992, p. 0030 title: COM(1992)0422 summary: type: Modified legislative proposal body: EC
  • date: 1993-11-10T00:00:00 docs: url: https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=COMfinal&an_doc=1993&nu_doc=570 title: EUR-Lex title: COM(1993)0570 type: Reconsultation body: EC
  • date: 1993-11-23T00:00:00 docs: url: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:1993:342:TOC title: OJ C 342 20.12.1993, p. 0002 title: A3-0364/1993 type: Committee final report tabled for plenary, 1st reading/single reading body: EP
  • date: 1993-12-02T00:00:00 docs: url: https://eur-lex.europa.eu/JOHtml.do?uri=OJ:C:1993:342:SOM:EN:HTML title: OJ C 342 20.12.1993, p. 0015-0030 title: T3-0681/1993 summary: type: Text adopted by Parliament confirming position adopted at 1st reading body: EP
  • date: 1994-03-01T00:00:00 docs: title: PE207.257 type: Committee draft report body: EP
  • date: 1995-02-20T00:00:00 docs: url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=ADV&RESULTSET=1&DOC_ID=12003%2F94&DOC_LANCD=EN&ROWSPP=25&NRROWS=500&ORDERBY=DOC_DATE+DESC title: 12003/3/1994 url: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:1995:093:TOC title: OJ C 093 13.04.1995, p. 0001 summary: type: Council position body: CSL
  • date: 1995-02-24T00:00:00 docs: url: https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=SECfinal&an_doc=1995&nu_doc=303 title: EUR-Lex title: SEC(1995)0303 type: Commission communication on Council's position body: EC
  • date: 1995-05-12T00:00:00 docs: title: PE212.830/DEF committee: ECON type: Committee opinion body: EP
  • date: 1995-05-18T00:00:00 docs: title: PE212.057/AM type: Amendments tabled in committee body: EP
  • date: 1995-05-23T00:00:00 docs: url: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:1995:166:TOC title: OJ C 166 03.07.1995, p. 0004 title: A4-0120/1995 type: Committee recommendation tabled for plenary, 2nd reading body: EP
  • date: 1995-06-15T00:00:00 docs: url: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:1995:166:TOC title: OJ C 166 03.07.1995, p. 0080-0105 title: T4-0296/1995 summary: type: Text adopted by Parliament, 2nd reading body: EP
  • date: 1995-07-18T00:00:00 docs: url: https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=COMfinal&an_doc=1995&nu_doc=375 title: EUR-Lex title: COM(1995)0375 type: Commission opinion on Parliament's position at 2nd reading body: EC
  • date: 2003-05-15T00:00:00 docs: url: http://www.europarl.europa.eu/registre/docs_autres_institutions/commission_europeenne/com/2003/0265/COM_COM(2003)0265_EN.pdf title: COM(2003)0265 url: https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=COMfinal&an_doc=2003&nu_doc=265 title: EUR-Lex summary: type: Follow-up document body: EC
  • date: 2004-05-14T00:00:00 docs: url: https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!CELEXnumdoc&lg=EN&numdoc=32004D0535 title: 32004D0535 url: https://eur-lex.europa.eu/JOHtml.do?uri=OJ:L:2004:235:SOM:EN:HTML title: OJ L 235 06.07.2004, p. 0011-0022 summary: PURPOSE : to establish the level of protection for PNR data transferred from the Community concerning flights to or from the United States, pursuant to Directive 95/46/EC. LEGISLATIVE ACT : Commission Decision 2004/535/CE on the adequate protection of personal data contained in the Passenger Name Record of air passengers transferred to the United States’ Bureau of Customs and Border Protection CONTENT : Pursuant to Directive 95/46/EC, Member States are required to provide that the transfer of personal data to a third country may take place only if the third country in question ensures an adequate level of protection and if the Member States’ laws implementing other provisions of the Directive are complied with prior to the transfer. In the framework of air transport, the ‘Passenger Name Record’ (PNR) is a record of each passenger’s travel requirements which contains all information necessary to enable reservations to be processed and controlled by the booking and participating airlines. It should be noted that the Council has adopted Decision 2004/496/EC on the conclusion of an Agreement between the European Community and the United States of America on the processing and transfer of PNR data by Air Carriers to the United States Department of Homeland Security, Bureau of Customs and Border Protection. (Please refer to CNS/2004/0064.) This Decision was adopted in the context of the fight against terrorism. The United States Bureau of Customs and Border Protection (CBP) of the Department of Homeland Security (DHS) requires each carrier, operating passenger flights in foreign air transportation to or from the United States, to provide it with electronic access to PNR to the extent that PNR is collected and contained in the air carrier’s automated reservation system. This Decision provides that for the purposes of Article 25(2) of Directive 95/46/EC, the United States’ Bureau of Customs and Border Protection ( CBP) is considered to ensure an adequate level of protection for PNR data transferred from the Community concerning flights to or from the United States, in accordance with the Undertakings set out in the Annex. The Decision aims to establish a framework of rules for data to be transferred. The transfer of date by EU airlines will be governed by certain “Undertakings of the Department of Homeland Security Bureau of Customs and Border Protection (CBP) . The standards by which CBP will process passengers’ PNR data on the basis of United States legislation and the Undertakings cover the basic principles necessary for an adequate level of protection for natural persons: - As regards the purpose limitation principle, air passengers’ personal data contained in the PNR transferred to CBP will be processed for a specific purpose and subsequently used or further communicated only in so far as this is not incompatible with the purpose of the transfer. In particular, PNR data will be used strictly for purposes of preventing and combating: terrorism and related crimes; other serious crimes, including organised crime, that are transnational in nature; and flight from warrants or custody for those crimes. - As regards the data quality and proportionality principle, which need to be considered in relation to the important public interest grounds for which PNR data are transferred, PNR data provided to CBP will not subsequently be changed by it. A maximum of 34 PNR data categories will be transferred and the United States authorities will consult the Commission before adding any new requirements. Additional personal information sought as a direct result of PNR data will be obtained from sources outside the government only through lawful channels. As a general rule, PNR will be deleted after a maximum of three years and six months, with exceptions for data that have been accessed for specific investigations, or otherwise manually accessed. -As regards the transparency principle, CBP will provide information to travellers as to the purpose of the transfer and processing, and the identity of the data controller in the third country, as well as other information. -As regards the security principle, technical and organisational security measures are taken by CBP which are appropriate to the risks presented by the processing. It should be noted that the rights of access and rectification are recognised, in that the data subject may request a copy of PNR data and rectification of inaccurate data. Onward transfers will be made to other government authorities, including foreign government authorities, with counter-terrorism or law-enforcement functions, on a case-by-case basis, for purposes that correspond to those set out in the statement of purpose limitation. Transfers may also be made for the protection of the vital interests of the data subject or of other persons, in particular as regards significant health risks, or in any criminal judicial proceedings or as otherwise required by law. Receiving agencies are bound by the express terms of disclosure to use the data only for those purposes and may not transfer the data onwards without the agreement of CBP. The competent authorities in Member States may exercise their existing powers to suspend data flows to CBP in order to protect individuals with regard to the processing of their personal data in certain cases. The Decision will expire three years and six months after the date of its notification, unless extended in accordance with the procedure set out in Article 31(2) of Directive 95/46/EC. ENTRY INTO FORCE: Member States shall take all the measures necessary to comply with the Decision within four months of the date of its notification. type: Implementing legislative act body: EU
  • date: 2005-09-06T00:00:00 docs: url: https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!CELEXnumdoc&lg=EN&numdoc=32006D0253 title: 32006D0253 url: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L:2006:091:TOC title: OJ L 091 29.03.2006, p. 0049-0060 summary: ACT : Commission Decision 2006/253/EC on the adequate protection of personal data contained in the Passenger Name Record of air passengers transferred to the Canada Border Services Agency. CONTENT : Pursuant to Directive 95/46/EC, Member States are required to provide that the transfer of personal data to a third country may take place only if the third country in question ensures an adequate level of protection and if the Member States’ laws implementing other provisions of the Directive are complied with prior to the transfer. In the framework of air transport, the ‘Passenger Name Record’ (PNR) is a record of each passenger’s travel requirements which contains all information necessary to enable reservations to be processed and controlled by the booking and participating airlines. The Decision provides that for the purposes of Article 25(2) of Directive 95/46/EC, the Canadian Customs Border Services Agency (CBSA) is considered to ensure an adequate level of protection for PNR data transferred from the Community concerning flights bound for Canada in accordance with the Commitments set out in the Annex. The competent authorities in Member States may exercise their existing powers to suspend data flows to the CBSA in order to protect individuals with regard to the processing of their personal data in the following cases: - where a competent Canadian authority has determined that the CBSA is in breach of the applicable standards of protection; or - where there is a substantial likelihood that the standards of protection set out in the Annex are being infringed, there are reasonable grounds for believing that the CBSA is not taking or will not take adequate and timely steps to settle the case at issue, the continuing transfer would create an imminent risk of grave harm to data subjects and the competent authorities in the Member State have made reasonable efforts in the circumstances to provide the CBSA with notice and an opportunity to respond. Suspension shall cease as soon as the standards of protection are assured and the competent authorities of the Member States concerned are notified. Member States shall take all the measures necessary to comply with the Decision within four months of the date of its notification. The Decision will expire three years and six months after the date of its notification, unless extended in accordance with the procedure set out in Article 31(2) of Directive 95/46/EC. type: Implementing legislative act body: EU
  • date: 2007-03-07T00:00:00 docs: url: http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2007/0087/COM_COM(2007)0087_EN.pdf title: COM(2007)0087 url: https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=COMfinal&an_doc=2007&nu_doc=87 title: EUR-Lex summary: The Commission's first report on the implementation of Directive 95/46/EC (please refer to the summary of 15/05/2003) contained a Work Programme for better implementation of the data protection Directive . This Communication examines the work conducted under this programme, assesses the present situation, and outlines the prospects for the future as a condition for success in a number of policy areas in the light of Article 8 of the European Charter of Fundamental Rights, recognising an autonomous right to the protection of personal data. The Commission considers that the Directive lays down a general legal framework that is substantially appropriate and technologically neutral . The harmonised set of rules ensuring a high standard of protection for personal data throughout the EU has brought considerable benefits for citizens, business and authorities. It protects individuals against general surveillance or undue discrimination on the basis of the information others hold on them. The trust of consumers that personal details they provide in their transactions will not be misused is a condition for the development of e-commerce. Business operate and administrations cooperate throughout the Community without fearing that their international activities be disrupted because personal data they need to exchange are not protected at the origin or the destination. The Commission details the work that has been carried out under 10 action areas since the publication of the first report. This includes a “structured dialogue" with Member States on national transposition, and a detailed analysis of national legislation and discussions with national authorities aimed at bringing national legislation fully in line with the requirements of the Directive. Overview of implementation of the Directive: the Commission states that implementation has improved . A ll Member States have now transposed the Directive. On the whole, national transposition covers all the main provisions along the lines of the Directive. The actions undertaken under the Work Programme have been positive and have substantially contributed to improving the implementation of the Directive throughout the Community. The decisive involvement of the national data protection supervisory authorities through their participation in the Working Party has played a major role. However, some countries have not yet properly implemented the Directive . One concern is respect for the requirement that data protection supervisory authorities act in complete independence and are endowed with sufficient powers and resources to exercise their tasks. These authorities are key building blocks in the system of protection conceived by the Directive, and any failure to ensure their independence and powers has a wide-ranging negative impact on the enforcement of the data protection legislation. In some case divergences arise within the margin of manoeuvre of the Directive. However, a study shows that despite some divergences, the Directive has been implemented with modest costs for firms. No evidence is found among the complaints received by the Commission that national divergences within the limits of the Directive may actually obstruct the proper functioning of the internal market or limit the free flow of data on grounds of a lack or inadequacy of protection in the country of origin or destination. Nor do constraints within their country of establishment distort competition between private operators. The Directive is therefore fulfilling its objectives: to secure the free flow of personal data within the internal market while ensuring a high level of protection in the Community. The Commission goes on to state that the legal solutions provided by the Directive, beyond achieving harmonisation, are themselves appropriate to the issues at stake. It considers the requirements imposed by public interests, such as the International Agreement with the US to address the use of passengers' PNR data and states its commitment to respecting the Charter of Fundamental Rights in all its proposals. The way ahead : the Commission intends to pursue a policy characterized by the following elements: - the Directive should not be amended, since the Data Protection Directive constitutes a general legal framework which fulfils its original objectives by constituting a sufficient guarantee for the functioning of the Internal Market while ensuring a high level of protection; - the Commission will pursue proper implementation of its provisions at national and international level. - it will produce an interpretative communication on some provisions. The problems identified in implementing particular provisions of the Directive that may lead to formal infringement procedures correspond to an understanding by the Commission about the meaning of the provisions in the Directive and about the correct way to implement them, taking into account the case law, as well as the interpretation work conducted by the Working Party. Such ideas will be clearly set forth in an interpretative communication; - the Commission encourages all actors involved to endeavour to reduce national divergences. Different activities will be conducted for this purpose. The Work Programme will continue and the Working Party should improve its contribution to harmonising practice. The Commission will consider the challenges of new technologies. Where a particular technology is found to consistently pose questions as regards the application of the data protection principles, and its widespread use or potential intrusiveness is considered to justify more stringent measures, the Commission could propose sector- specific legislation at EU level in order to apply those principles to the specific requirements of the technology in question. - the Commission considers the task of providing a coherent response to the demand for public interest uses, especially for security. In striking the important balance between measures to ensure security and protect nonnegotiable fundamental rights, the Commission makes sure that it protects personal data as guaranteed by Article 8 of the Charter of Fundamental Rights. The EU works with external partners also. In particular the EU and USA have a continuous transatlantic dialogue to discuss information sharing and the protection of personal data for law enforcement purposes. The Commission will consider the implementation of the Directive once again upon conclusion of the measures laid out in this Communication. Lastly, it will continue to monitor the implementation of the Directive, work with all stakeholders to further reduce national divergences, and study the need for sector-specific legislation to apply data protection principles to new technologies and to satisfy public security needs. type: Follow-up document body: EC
  • date: 2007-05-02T00:00:00 docs: url: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:2007:255:TOC title: OJ C 255 27.10.2007, p. 0001 title: 52007XX1027(01) summary: OPINION OF THE EUROPEAN DATA PROTECTION SUPERVISOR on the Communication from the Commission to the European Parliament and the Council on the follow-up of the Work Programme for better implementation of the Data Protection Directive . On 7 March 2007, the aforementioned Communication was sent by the Commission to the EDPS. In accordance with Article 41 of Regulation (EC) No 45/2001, the EDPS presents this opinion. The Communication reiterates the importance of Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data as a milestone in the protection of personal data and discusses the Directive and its implementation. The central conclusion of the Communication is that the Directive should not be amended. The implementation of the Directive should be further improved by means of other policy instruments, most of them with a non binding nature. The EDPS shares the central conclusion of the Commission that the Directive should not be amended in the short term . The points of departure for the EDPS are as follows: (i) in the short term, energy is best spent on improvements in the implementation of the Directive; (ii) in the longer term, changes of the Directive seem unavoidable; and (iii) a clear date for a review to prepare proposals leading to such changes should already be set now. Such a date would give a clear incentive to start the thinking about future changes already now. According to the EDPS, the main elements for future change include: no need for new principles, but a clear need for other administrative arrangements; the wide scope of data protection law applicable to all use of personal data should not change; data protection law should allow a balanced approach in concrete cases and should also allow data protection authorities to set priorities; the system should fully apply to the use of personal data for law enforcement purposes, although appropriate additional measures may be necessary to deal with special problems in this area. Moreover, the EDPS suggests that the Commission specify: (i) a timeline for the activities of Chapter III of the Communication; (ii) a deadline for a subsequent report on the application of the Directive; (iii) terms of reference to measure the realisation of the activities foreseen; and (iv) indications on the way to proceed in the longer term. The EDPS regrets that the perspective of global privacy and jurisdiction plays a limited role in the Communication and asks for practical solutions that reconcile the need for protection of the European data subjects with the territorial limitations of the European Union and its Member States, such as: (i) the further development of a Global Framework for data protection; (ii) the further development of the special regime for transfer of data to third countries; (iii) international agreements on jurisdiction or similar agreements with third countries; and (iv) investing in mechanisms for global compliance, such as the use of binding corporate rules by multinational companies. The EDPS invites the Commission to start developing a vision on this perspective, together with most relevant stakeholders. On law enforcement , the EDPS has the following suggestions to the Commission: further reflection on the implications of the involvement of private companies in law enforcement activities; preserve the effet utile of Article 13 of the Directive, possibly by proposing legislation aiming at harmonizing the conditions and the safeguards for using the exemptions of Article 13. Full implementation of the Directive means: (i) that it be ensured that the Member States fully comply with their obligations under European law; and (ii) that other, non binding tools, that could be instrumental to a high and harmonised level of data protection be fully used. The EDPS asks from the Commission to clearly indicate how it will use the different instruments. In relation to those instruments : in certain cases, specific legislative action at EU level may be necessary; the Commission is encouraged to pursue a better implementation of the Directive through infringement procedures; the Commission is invited to use the instrument of an interpretative communication for the following issues: (i) the concept of personal data; (ii) the definition of the role of data controller or data processor; (iii) the determination of applicable law; (iv) the purpose limitation principle and incompatible use; and (v) legal grounds for processing, especially with regard to unambiguous consent and balance of interests; non binding instruments include instruments building on the concept of ‘privacy by design’; for longer term also: (i) class actions; (ii) actions initiated by legal persons whose activities are designed to protect the interests of certain categories of persons; (iii) obligations for data controllers to notify security breaches to data subjects; and (iv) provisions facilitating the use of privacy seals or third-party privacy audits in a trans-national setting. Lastly, the EDPS invites the Commission to present a paper to the Working Party giving clear indications on the division of roles between them. type: Document attached to the procedure body: EDPS
  • date: 2009-05-12T00:00:00 docs: title: C(2009)3200 type: Follow-up document body: EC
  • date: 2009-05-12T00:00:00 docs: url: http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/sec/2009/0585/COM_SEC(2009)0585_EN.pdf title: SEC(2009)0585 url: https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=SECfinal&an_doc=2009&nu_doc=585 title: EUR-Lex type: Follow-up document body: EC
  • date: 2010-02-05T00:00:00 docs: title: C(2010)0593 type: Follow-up document body: EC
  • date: 2015-11-06T00:00:00 docs: url: http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2015/0566/COM_COM(2015)0566_EN.pdf title: COM(2015)0566 url: https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=COMfinal&an_doc=2015&nu_doc=0566 title: EUR-Lex type: For information body: EC
  • date: 2018-12-19T00:00:00 docs: url: http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2018/0860/COM_COM(2018)0860_EN.pdf title: COM(2018)0860 url: https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=COMfinal&an_doc=2018&nu_doc=0860 title: EUR-Lex summary: The Commission presents its second annual review of the functioning of the EU-U.S. Privacy Shield. The EU-U.S. Privacy Shield Decision was adopted on 12 July 2016. It ensures an adequate level of protection for personal data that has been transferred from the EU to organisations in the U.S. The Decision provides for an annual evaluation of all aspects of the functioning of the framework. The first annual review took place in 2017, with the Commission concluding that the U.S. continued to ensure an adequate level of protection for personal data transferred under the Privacy Shield from the Union to organisations in the U.S. At the same time, the Commission made ten recommendations to improve the Privacy Shield framework in order to ensure that the guarantees and safeguards provided therein continued to function as intended. This report concludes the second annual review of the functioning of the Privacy Shield and is based on information gathered from relevant stakeholders (in particular Privacy Shield-certified companies, and non-governmental organisations active in the field of digital rights and privacy), as well as from the relevant U.S. authorities involved in the implementation of the framework. The review took place in the context of the challenges to data privacy that are increasingly global in nature, as exemplified by the Facebook / Cambridge Analytica case. The report states that both sides stressed the need for vigorous enforcement actions by the EU’s Data Protection Authority and the U.S. Federal Trade Commission. Findings Commercial aspects : this relates to questions concerning the administration, oversight and enforcement of the obligations applying to certified companies. The Commission notes that in line with its recommendations from the first annual review, the Department of Commerce has further strengthened the certification process and introduced new oversight procedures, including: (i) a new process that requires first-time applicants to delay public representations regarding their Privacy Shield participation until their certification review is finalised by the Department of Commerce; (ii) new mechanisms to detect potential compliance issues, such as random spot-checks (at the time of the annual review, such spot checks had been performed on about 100 organisations) and the monitoring of public reports about the privacy practices of Privacy Shield participants; (iii) a quarterly review of companies that have been identified as more likely to make false claims and a system for image and text searches on the internet. Since the first annual review, the Department of Commerce has referred more than 50 cases to the Federal Trade Commission, which in turn took enforcement action in those cases where the referral as such was not sufficient in order to make the company concerned come into compliance. With respect to enforcement, the Commission noted that the Federal Trade Commission recently issued administrative subpoenas to request information from a number of Privacy Shield participants. Although the Commission considers that the Federal Trade Commission's more proactive approach to compliance monitoring is an important development, it regrets that at this stage it was not possible for to provide further information on its recent investigations and will closely monitor any further developments in this regard. Access and use of personal data by U.S. public authorities The reauthorisation of Section 702 of the Foreign Intelligence Surveillance Act at the beginning of 2018. While the reauthorisation did not lead to the incorporation of the protections of Presidential Policy Directive 28 into the Act, as the Commission wanted, neither did it restrict any of the safeguards contained in the Act which were in place when the Privacy Shield decision was adopted. Moreover, the amendments did not expand the powers of the U.S. Intelligence Community to acquire foreign intelligence information by targeting non-U.S. persons under Section 702. Instead, the Amendments Reauthorization Act of 2017 introduced some limited additional privacy safeguards, for instance in the area of transparency. The Privacy and Civil Liberties Oversight Board : new members of the Board have been appointed which restores the Board's quorum. The Board’s report of 16 October 2018 confirms that Presidential Policy Directive 28 is fully applied across the intelligence community, which has adopted detailed rules on the implementation of that Directive and have changed their practices in order to bring them in line with the requirements of Presidential Policy Directive 28. Conclusions On the basis of the findings, the Commission concludes that the United States continues to ensure an adequate level of protection for personal data transferred under the Privacy Shield from the Union to organisations in the United States. In particular, the steps taken to implement the Commission's recommendations following the first annual review have improved several aspects of the practical functioning of the framework in order to ensure that the level of protection of natural persons guaranteed by the adequacy decision is not undermined. However, the report notes that although the Commission had recommended the swift appointment of the Privacy Shield Ombudsperson , the position of Under-Secretary in the State Department to whom the office of the Ombudsperson has been assigned had not yet been filled by a permanent appointment at the time of the report. Accordingly, the Commission reiterates its call on the U.S. administration to confirm its political commitment to the Ombudsperson mechanism by appointing a permanent Privacy Shield Ombudsperson as a matter of priority. The Ombudsperson mechanism is an important element of the Privacy Shield framework and, while the acting Ombudsperson continues to carry out the relevant functions, the absence of a permanent appointee is highly unsatisfactory. The Commission expects the U.S. government to identify a nominee to fill the Ombudsperson position on a permanent basis by 28 February 2019. type: Follow-up document body: EC
  • date: 2018-12-20T00:00:00 docs: url: https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=SWD:2018:0497:FIN:EN:PDF title: EUR-Lex title: SWD(2018)0497 type: Follow-up document body: EC
events
  • date: 1990-09-24T00:00:00 type: Legislative proposal published body: EC docs: url: https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=COMfinal&an_doc=1990&nu_doc=314 title: EUR-Lex title: COM(1990)0314 summary:
  • date: 1990-10-12T00:00:00 type: Committee referral announced in Parliament, 1st reading/single reading body: EP
  • date: 1992-02-10T00:00:00 type: Debate in Parliament body: EP docs: url: http://www.europarl.europa.eu/sides/getDoc.do?secondRef=TOC&language=EN&reference=19920210&type=CRE title: Debate in Parliament
  • date: 1992-03-11T00:00:00 type: Decision by Parliament, 1st reading/single reading body: EP docs: title: T3-0140/1992 summary:
  • date: 1992-10-15T00:00:00 type: Modified legislative proposal published body: EC docs: url: https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=COMfinal&an_doc=1992&nu_doc=422 title: EUR-Lex title: COM(1992)0422 summary:
  • date: 1993-11-23T00:00:00 type: Vote in committee, 1st reading/single reading body: EP
  • date: 1993-11-23T00:00:00 type: Committee report tabled for plenary confirming Parliament's position body: EP docs: title: A3-0364/1993
  • date: 1993-12-02T00:00:00 type: Decision by Parliament, 1st reading/single reading body: EP docs: title: T3-0681/1993 summary:
  • date: 1994-06-16T00:00:00 type: Debate in Council body: CSL docs: url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=1769*&MEET_DATE=16/06/1994 title: 1769 summary:
  • date: 1994-12-01T00:00:00 type: Debate in Council body: CSL docs: url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=1810*&MEET_DATE=01/12/1994 title: 1810
  • date: 1995-02-20T00:00:00 type: Council position published body: CSL docs: url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=ADV&RESULTSET=1&DOC_ID=12003%2F94&DOC_LANCD=EN&ROWSPP=25&NRROWS=500&ORDERBY=DOC_DATE+DESC title: 12003/3/1994 summary:
  • date: 1995-03-15T00:00:00 type: Committee referral announced in Parliament, 2nd reading body: EP
  • date: 1995-05-23T00:00:00 type: Vote in committee, 2nd reading body: EP summary:
  • date: 1995-05-23T00:00:00 type: Committee recommendation tabled for plenary, 2nd reading body: EP docs: title: A4-0120/1995
  • date: 1995-06-14T00:00:00 type: Debate in Parliament body: EP docs: url: http://www.europarl.europa.eu/sides/getDoc.do?secondRef=TOC&language=EN&reference=19950614&type=CRE title: Debate in Parliament summary: Commissioner MONTI stated that he could accept the first 7 amendments, which clarified the text of the common position. With regard to the committee procedure, and in particular the choice of committee, the Commission could agree to replace the advisory committee suggested in the initial proposal with a management committee, which was not too far removed from a regulatory committee, which had been the choice of the Council, in terms of the powers conferred upon the Commission. Amendment No 8 on a very specific situation could not be included in the framework directive, which was limited to providing the general criteria for identifying the data controller. Finally, the Commissioner reiterated the Commission’s commitment to ensuring the protection of individuals through the same guarantees that applied to the processing of personal data in all of the Union’s activities, at Community, intergovernmental and national level.
  • date: 1995-06-15T00:00:00 type: Decision by Parliament, 2nd reading body: EP docs: title: T4-0296/1995 summary:
  • date: 1995-07-24T00:00:00 type: Act approved by Council, 2nd reading body: CSL summary: After agreeing to the amendments made by the European Parliament at second reading, the Council unanimously (with the United Kingdom abstaining) adopted the Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Member States have three years in which to transpose the Directive into their national legislation. The Danish delegation made the following statement to explain how it had voted: ‘ Denmark can accept the European Parliament’s amendments to the Directive and can therefore agree to the definitive adoption of the Directive by the Council. Denmark nevertheless regrets that it has not proved possible to reach the consensus needed within the Council for the European Parliament to be informed of the content of the statements entered in the minutes. Denmark considers that the request made by the President of the European Parliament to the President of the Council (General Affairs) revealed the need to bring to a swift conclusion the current discussions on the publication of the statements entered in the minutes in the interests of greater transparency of the work of the Council’.
  • date: 1995-10-24T00:00:00 type: Final act signed body: CSL
  • date: 1995-10-24T00:00:00 type: End of procedure in Parliament body: EP
  • date: 1995-11-23T00:00:00 type: Final act published in Official Journal summary: OBJECTIVE: to facilitate the free movement of data within the Community by ensuring a high level of protection for individuals in relation to the processing of personal data. COMMUNITY MEASURE: European Parliament and Council Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data. SUBSTANCE: The directive establishes the common basic rules for the protection of individuals in relation to personal data; A high level of protection is guaranteed through the obligations imposed on those responsible for processing data (public authorities, enterprises, agencies, etc.) and through the rights conferred on individuals whose data is the subject of processing; The obligations imposed on those responsible for processing relate to the quality of the data, insofar as processing must have an explicit and legitimate purpose, security and notification to an independent supervisory authority, which must be created by the Member States; The directive covers in general the collection, adaptation, use, interconnection and erasure of personal data; Member States shall prohibit the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life; Member States shall provide for exemptions or derogations for the processing of personal data carried out solely for journalistic purposes or the purpose of artistic or literary expression only if they are necessary to reconcile the right to privacy with the rules governing freedom of expression; The data subject has the right to be informed of the processing being carried out and the data being used, to request that the data be rectified if it is incorrect and to object to the processing; The directive also relates to the confidentiality and security of processing. It covers both the private and public sectors, with the exception of the provisions concerning the CFSP, cooperation on justice and home affairs, public safety, and national defence and security. Deadline for the transposal of the directive into national legislation: 24 October 1998. docs: title: Directive 1995/46 url: https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!CELEXnumdoc&lg=EN&numdoc=31995L0046 title: OJ L 281 23.11.1995, p. 0031 url: https://eur-lex.europa.eu/JOHtml.do?uri=OJ:L:1995:281:SOM:EN:HTML
other
  • body: CSL type: Council Meeting council: Former Council configuration
procedure/dossier_of_the_committee
Old
JURI/4/06427
New
  • JURI/4/06427
procedure/final/url
Old
http://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!CELEXnumdoc&lg=EN&numdoc=31995L0046
New
https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!CELEXnumdoc&lg=EN&numdoc=31995L0046
procedure/instrument
Old
Directive
New
  • Directive
  • See also 1999/0153(COD) Repealed by 2012/0011(COD)
procedure/legal_basis/0
EC before Amsterdam E 100A
procedure/legal_basis/0
EC before Amsterdam E 100
procedure/subject
Old
  • 1.20.09 Protection of privacy and data protection
New
1.20.09
Protection of privacy and data protection
procedure/summary
  • Repealed by
  • See also
links/European Commission/title
Old
PreLex
New
EUR-Lex
activities/20/docs/1/url
Old
http://eur-lex.europa.eu/JOHtml.do?uri=OJ:L:1995:281:SOM:EN:HTML
New
http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L:1995:281:TOC
procedure/summary/1
See also
activities
  • date: 1990-09-24T00:00:00 docs: url: http://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=COMfinal&an_doc=1990&nu_doc=314 title: COM(1990)0314 type: Legislative proposal published celexid: CELEX:51990DC0314:EN body: EC type: Legislative proposal published commission:
  • date: 1990-10-12T00:00:00 body: EP type: Committee referral announced in Parliament, 1st reading/single reading committees: body: EP responsible: False committee: ECON date: 1990-10-30T00:00:00 committee_full: Economic and Monetary Affairs, Industrial Policy rapporteur: group: PPE name: HERMAN Fernand H.J. body: EP responsible: True committee: JURI date: 1994-07-26T00:00:00 committee_full: Legal Affairs, Citizens' Rights rapporteur: group: PSE name: MEDINA ORTEGA Manuel
  • date: 1992-02-10T00:00:00 docs: url: http://www.europarl.europa.eu/sides/getDoc.do?secondRef=TOC&language=EN&reference=19920210&type=CRE type: Debate in Parliament title: Debate in Parliament body: EP type: Debate in Parliament
  • date: 1992-03-11T00:00:00 docs: type: Decision by Parliament, 1st reading/single reading title: T3-0140/1992 body: EP type: Decision by Parliament, 1st reading/single reading
  • date: 1992-10-15T00:00:00 docs: url: http://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=COMfinal&an_doc=1992&nu_doc=422 title: COM(1992)0422 type: Modified legislative proposal published celexid: CELEX:51992PC0422:EN body: EC type: Modified legislative proposal published commission:
  • date: 1993-11-23T00:00:00 docs: type: Committee report tabled for plenary confirming Parliament's position title: A3-0364/1993 body: unknown type: Committee report tabled for plenary confirming Parliament's position
  • date: 1993-11-23T00:00:00 body: EP type: Vote in committee, 1st reading/single reading committees: body: EP responsible: False committee: ECON date: 1990-10-30T00:00:00 committee_full: Economic and Monetary Affairs, Industrial Policy rapporteur: group: PPE name: HERMAN Fernand H.J. body: EP responsible: True committee: JURI date: 1994-07-26T00:00:00 committee_full: Legal Affairs, Citizens' Rights rapporteur: group: PSE name: MEDINA ORTEGA Manuel
  • date: 1993-12-02T00:00:00 docs: type: Decision by Parliament, 1st reading/single reading title: T3-0681/1993 body: EP type: Decision by Parliament, 1st reading/single reading
  • body: CSL meeting_id: 1769 docs: url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=1769*&MEET_DATE=16/06/1994 type: Debate in Council title: 1769 council: Competitiveness (Internal Market, Industry, Research and Space) date: 1994-06-16T00:00:00 type: Council Meeting
  • body: CSL meeting_id: 1810 docs: url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=1810*&MEET_DATE=01/12/1994 type: Debate in Council title: 1810 council: Research date: 1994-12-01T00:00:00 type: Council Meeting
  • date: 1994-12-08T00:00:00 body: CSL type: Council Meeting council: Competitiveness (Internal Market, Industry, Research and Space) meeting_id: 1815
  • date: 1995-02-06T00:00:00 body: CSL type: Council Meeting council: General Affairs meeting_id: 1827
  • body: CSL meeting_id: 1828 docs: url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=ADV&RESULTSET=1&DOC_ID=12003%2F94&DOC_LANCD=EN&ROWSPP=25&NRROWS=500&ORDERBY=DOC_DATE+DESC type: Council position published title: 12003/3/1994 council: Economic and Financial Affairs ECOFIN date: 1995-02-20T00:00:00 type: Council Meeting
  • date: 1995-03-15T00:00:00 body: EP type: Committee referral announced in Parliament, 2nd reading committees: body: EP responsible: True committee: JURI date: 1994-07-26T00:00:00 committee_full: Legal Affairs, Citizens' Rights rapporteur: group: PSE name: MEDINA ORTEGA Manuel
  • body: EP committees: body: EP responsible: True committee: JURI date: 1994-07-26T00:00:00 committee_full: Legal Affairs, Citizens' Rights rapporteur: group: PSE name: MEDINA ORTEGA Manuel docs: type: Committee recommendation tabled for plenary, 2nd reading title: A4-0120/1995 date: 1995-05-23T00:00:00 type: Vote in committee, 2nd reading
  • date: 1995-06-14T00:00:00 docs: url: http://www.europarl.europa.eu/sides/getDoc.do?secondRef=TOC&language=EN&reference=19950614&type=CRE type: Debate in Parliament title: Debate in Parliament body: EP type: Debate in Parliament
  • date: 1995-06-15T00:00:00 docs: type: Decision by Parliament, 2nd reading title: T4-0296/1995 body: EP type: Decision by Parliament, 2nd reading
  • body: CSL meeting_id: 1866 council: Budget date: 1995-07-24T00:00:00 type: Council Meeting
  • date: 1995-10-24T00:00:00 body: CSL type: Final act signed
  • date: 1995-10-24T00:00:00 body: EP type: End of procedure in Parliament
  • date: 1995-11-23T00:00:00 type: Final act published in Official Journal docs: url: http://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!CELEXnumdoc&lg=EN&numdoc=31995L0046 title: Directive 1995/46 url: http://eur-lex.europa.eu/JOHtml.do?uri=OJ:L:1995:281:SOM:EN:HTML title: OJ L 281 23.11.1995, p. 0031
committees
  • body: EP responsible: False committee: ECON date: 1990-10-30T00:00:00 committee_full: Economic and Monetary Affairs, Industrial Policy rapporteur: group: PPE name: HERMAN Fernand H.J.
  • body: EP responsible: True committee: JURI date: 1994-07-26T00:00:00 committee_full: Legal Affairs, Citizens' Rights rapporteur: group: PSE name: MEDINA ORTEGA Manuel
links
European Commission
other
  • body: CSL type: Council Meeting council: Former Council configuration
procedure
dossier_of_the_committee
JURI/4/06427
reference
1990/0287(COD)
subtype
Legislation
legal_basis
stage_reached
Procedure completed
summary
Repealed by
instrument
Directive
title
Personal data protection
type
COD - Ordinary legislative procedure (ex-codecision procedure)
final
subject
1.20.09 Protection of privacy and data protection