BETA


2011/2025(INI) Comprehensive approach on personal data protection in the European Union

Progress: Procedure completed

RoleCommitteeRapporteurShadows
Lead LIBE VOSS Axel (icon: PPE PPE)
Committee Opinion CULT KELLY Seán (icon: PPE PPE) Marietje SCHAAKE (icon: ALDE ALDE)
Committee Opinion ITRE CHICHESTER Giles (icon: ECR ECR)
Committee Opinion IMCO SALVINI Matteo (icon: EFD EFD) Philippe JUVIN (icon: PPE PPE)
Committee Opinion JURI CASTEX Françoise (icon: S&D S&D) Jan Philipp ALBRECHT (icon: Verts/ALE Verts/ALE), Jiří MAŠTÁLKA (icon: GUE/NGL GUE/NGL), Cecilia WIKSTRÖM (icon: ALDE ALDE)
Lead committee dossier:
Legal Basis:
RoP 52

Events

2011/07/06
   EP - Results of vote in Parliament
2011/07/06
   EP - Decision by Parliament, 1st reading/single reading
Details

The European Parliament adopted a resolution on a comprehensive approach on personal data protection in the European Union in response to a European Commission communication on the same subject.

Members consider that while the core principle of the 1995/46/EC Data Protection Directive remain valid, but different approaches in Member States' implementation and enforcement thereof have been observed. The EU must equip itself – after a thorough impact assessment – with a comprehensive, coherent, modern, high-level framework in order to face the numerous challenges facing data protection, such as those caused by globalisation, technological development, enhanced online activity, uses related to more and more activities, and security concerns (e.g. the fight against terrorism).

Parliament supports the Commission’s communication and its focus on strengthening existing arrangements, putting forward new principles and mechanisms and ensuring coherence and high standards of data protection in the new setting offered by the entry into force of the Lisbon Treaty and the now binding Charter of Fundamental Rights.

1) Fully engaging with a comprehensive approach : Parliament emphasises that the standards and principles set out in Directive 95/46/EC represent an ideal starting point and should be further elaborated, extended and enforced, as part of a modern data protection law .

The resolution underlines the importance of Article 9 of Directive 95/46/EC, which obliges Member States to provide for exemptions from data protection rules when personal data are used solely for journalistic purposes or the purpose of artistic or literary expression. It calls on the Commission to ensure that these exemptions are maintained and that every effort is made to evaluate the need for developing these exceptions further in the light of any new provisions in order to protect freedom of the press .

Recognising that technological developments have created new threats to the protection of personal data, Members consider that a thorough evaluation of the current data protection rules is required in order to ensure that (i) the rules still provide a high level of protection, (ii) the rules still strike a fair balance between the right to protection of personal data and the right to freedom of speech and information, and (iii) the rules do not unnecessarily hinder everyday processing of personal data, which is typically harmless.

Members also consider it imperative to extend the application of the general data protection rules to the areas of police and judicial cooperation .

The Commission is called upon to ensure that the current revision of EU data protection legislation will provide for:

full harmonisation at the highest level providing legal certainty and a uniform high level standard of protection of individuals in all circumstances, further clarification of the rules on applicable law with a view to delivering a uniform degree of protection for individuals irrespective of the geographical location of the data controller, also covering enforcement of data protection rules by authorities or in courts.

2) Strengthening individuals’ rights : the resolution calls on the Commission to reinforce existing principles and elements such as transparency, data minimisation and purpose limitation, informed, prior and explicit consent, data breach notification and the data subjects’ rights, as set out in Directive 95/46/EC, improving their implementation in Member States, particularly as regards the ‘global online environment’.

The resolution underlines the importance of:

improving the means of exercising, and awareness of, the rights of access, of rectification, of erasure and blocking of data, of clarifying in detail and codifying the ‘right to be forgotten’ and of enabling data portability; enabling individuals to sufficiently control their online data to enable them to use the internet responsibly; including provisions on profiling, while clearly defining the terms ‘profile’ and ‘profiling’; enhancing obligations of data controllers with regard to provision of information to data subjects; specifically protecting children and minors – in the light, inter alia, of increased access for children to internet and digital content.

3) Strengthening the global dimension of data protection : Parliament considers it of utmost importance that data subjects’ rights are enforceable. It highlights the need for proper harmonised enforcement across the EU . It calls on the Commission to provide in its legislative proposal for severe and dissuasive sanctions, including criminal sanctions, for misuse and abuse of personal data. The Commission is encouraged to introduce a system of mandatory general personal data breach notifications by extending it to sectors other than the telecommunications sector.

The resolution welcomes the possibility of making the appointment of organisation data protection officers mandatory , as the experience of EU Member States which already have data protection officers shows that the concept has proved successful.

Members see in the concepts of ‘privacy by design’ and ‘privacy by default’ a strengthening of data protection, and support examination of possibilities for their concrete application and further development, as well as recognising the need to promote the use of Privacy Enhancing Technologies.

Parliament supports the efforts to further advance self-regulatory initiatives – such as codes of conduct – and the reflection on setting up voluntary EU certification schemes, as complementary steps to legislative measures, while maintaining that the EU data protection regime is based on legislation setting high-level guarantees .

Lastly, the resolution stresses that any certification or seal scheme must be of guaranteed integrity and trustworthiness, technology-neutral, globally recognisable and affordable, so as not to create barriers to entry.

Documents
2011/07/06
   EP - End of procedure in Parliament
2011/06/22
   EP - Committee report tabled for plenary, single reading
Documents
2011/06/22
   EP - Committee report tabled for plenary, single reading
Documents
2011/06/15
   EP - Vote in committee, 1st reading/single reading
Details

The Committee on Civil Liberties, Justice and Home Affairs adopted the report drafted by Axel VOSS (EPP, DE) on a comprehensive approach on personal data protection in the European Union.

Members strongly welcome and support the Commission communication entitled ‘A comprehensive approach on personal data protection in the European Union’ and its focus on strengthening existing arrangements, putting forward new principles and mechanisms and ensuring coherence and high standards of data protection in the new setting offered by the entry into force of the Lisbon Treaty and the now binding Charter of Fundamental Rights.

Fully engaging with a comprehensive approach : Members emphasise that the standards and principles set out in Directive 95/46/EC represent an ideal starting point and should be further elaborated, extended and enforced, as part of a modern data protection law .

The report underlines the importance of Article 9 of Directive 95/46/EC, which obliges Member States to provide for exemptions from data protection rules when personal data are used solely for journalistic purposes or the purpose of artistic or literary expression. It calls on the Commission to ensure that these exemptions are maintained and that every effort is made to evaluate the need for developing these exceptions further in the light of any new provisions in order to protect freedom of the press .

Recognising that technological developments have created new threats to the protection of personal data, Members consider that a thorough evaluation of the current data protection rules is required in order to ensure that (i) the rules still provide a high level of protection, (ii) the rules still strike a fair balance between the right to protection of personal data and the right to freedom of speech and information, and (iii) the rules do not unnecessarily hinder everyday processing of personal data, which is typically harmless.

Members also consider it imperative to extend the application of the general data protection rules to the areas of police and judicial cooperation .

The Commission is called upon to ensure that the current revision of EU data protection legislation will provide for:

full harmonisation at the highest level providing legal certainty and a uniform high level standard of protection of individuals in all circumstances, further clarification of the rules on applicable law with a view to delivering a uniform degree of protection for individuals irrespective of the geographical location of the data controller, also covering enforcement of data protection rules by authorities or in courts.

Strengthening individuals’ rights : the report calls on the Commission to reinforce existing principles and elements such as transparency, data minimisation and purpose limitation, informed, prior and explicit consent, data breach notification and the data subjects’ rights, as set out in Directive 95/46/EC, improving their implementation in Member States, particularly as regards the ‘global online environment’.

The report underlines the importance of:

improving the means of exercising, and awareness of, the rights of access, of rectification, of erasure and blocking of data, of clarifying in detail and codifying the ‘right to be forgotten’ and of enabling data portability; enabling individuals to sufficiently control their online data to enable them to use the internet responsibly; including provisions on profiling, while clearly defining the terms ‘profile’ and ‘profiling’; enhancing obligations of data controllers with regard to provision of information to data subjects; specifically protecting children and minors – in the light, inter alia, of increased access for children to internet and digital content.

Strengthening the global dimension of data protection : the committee considers it of utmost importance that data subjects’ rights are enforceable. Members highlight the need for proper harmonised enforcement across the EU . They call on the Commission to provide in its legislative proposal for severe and dissuasive sanctions, including criminal sanctions, for misuse and abuse of personal data. The Commission is encouraged to introduce a system of mandatory general personal data breach notifications by extending it to sectors other than the telecommunications sector.

The report welcomes the possibility of making the appointment of organisation data protection officers mandatory , as the experience of EU Member States which already have data protection officers shows that the concept has proved successful.

Members see in the concepts of ‘privacy by design’ and ‘privacy by default’ a strengthening of data protection, and support examination of possibilities for their concrete application and further development, as well as recognising the need to promote the use of Privacy Enhancing Technologies.

The committee supports the efforts to further advance self-regulatory initiatives – such as codes of conduct – and the reflection on setting up voluntary EU certification schemes, as complementary steps to legislative measures, while maintaining that the EU data protection regime is based on legislation setting high-level guarantees .

According to Members, any certification or seal scheme must be of guaranteed integrity and trustworthiness, technology-neutral, globally recognisable and affordable, so as not to create barriers to entry.

2011/05/25
   EP - Committee opinion
Documents
2011/05/11
   EP - Committee opinion
Documents
2011/05/03
   EP - Amendments tabled in committee
Documents
2011/04/14
   EP - Committee opinion
Documents
2011/04/14
   EP - Committee opinion
Documents
2011/03/29
   EP - Committee draft report
Documents
2011/02/28
   EP - CASTEX Françoise (S&D) appointed as rapporteur in JURI
2011/02/24
   CSL - Resolution/conclusions adopted by Council
Details

The Council adopted conclusions on the Commission communication "A comprehensive approach on personal data protection in the European Union". It welcomes the Communication and strongly supports the aim outlined in the Communication according to which appropriate protection must be ensured for individuals in all circumstances.

The Council shares the Commission’s view that the notion of a comprehensive approach to data protection does not necessarily exclude specific rules for data protection for police and judicial cooperation in criminal matters within this comprehensive protection scheme. It encourages the Commission to propose a new legal framework taking due account of the specificities of this area. In this context, certain limitations have to be set regarding the rights of individuals in the specific context in a harmonised and balanced way, when necessary and proportionate and taking into account the legitimate goals pursued by law enforcement authorities in combating crime and maintaining public security.

Privacy : Council invites the Commission to explore the possibility of including a provision on the ‘ privacy by design ’ principle in the new legal framework and to favour privacy-enhancing technologies (PET). It demands that special attention be given to minors.

The Council expects the special protection of sensitive personal data to remain a core element of the Commission proposal. It invites the Commission to assess the impact of the use of biometric data on individuals. It supports the idea of introducing privacy seals (EU certification schemes) and self-regulatory initiatives.

Applicable law: the Council feels that the new legal framework should clearly regulate the issue of applicable law within the European Union. As regards cases with an extra-EU dimension, the Council encourages the Commission to find legal solutions that provide adequate safeguards to ensure that data subjects can exercise their data protection rights even if their data are processed outside the European Union.

Principle of accountability: the Council considers that the concept of accountability should be explored with a view to diminishing the administrative burden on data controllers, for instance by simplifying or tailoring adequate notification requirements . Data breach notification should not, however, become a routine alert for all sorts of security breaches. It should apply only if the risks stemming from the breach can impact negatively on the individual's privacy.

While recalling that prime responsibility and accountability for the protection of personal data must rest with the data controller (who benefits from the use of such data), there is also a major need to increase the data subject's awareness of the implications of sharing his personal data.

The Council supports the Commission's aim of enhancing the data controller's responsibility and encourages the Commission to include in its impact assessment an evaluation of the possible appointment of Data Protection Officers .

Rights of individuals: the Council encourages the Commission: i) to define more precisely the rights of data subjects (such as access, rectification, deletion/blocking) and ii) to explore the introduction of a right to be forgotten , as an innovative legal instrument, insofar as the exercise of such a right is enabled by new technologies.

The Council is of the opinion that the right of access should, as a rule, be exercised free of charge and that any charge should be without excessive expense.

Data protection authorities: the Council supports a more harmonised role of data protection authorities. This also holds true for the field of police and judicial cooperation in criminal matters. In this context, the coordination between data protection authorities needs to be improved.

2011/02/24
   CSL - Council Meeting
2011/02/17
   EP - Committee referral announced in Parliament, 1st reading/single reading
2011/02/15
   EP - SALVINI Matteo (EFD) appointed as rapporteur in IMCO
2011/02/11
   DE_BUNDESRAT - Contribution
Documents
2011/01/14
   EDPS - Document attached to the procedure
Details

EUROPEAN DATA PROTECTION SUPERVISOR Opinion of the European Data Protection Supervisor on the Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions — ‘A comprehensive approach on personal data protection in the European Union’.

The EDPS fully supports the comprehensive approach to data protection. However, he regrets that the Communication excludes certain areas, such as the data processing by EU institutions and bodies , from the general legal instrument. If the Commission were to decide to leave out these areas, the EDPS urges the Commission to adopt a proposal for the EU level within the shortest possible timeframe, but preferably by the end of 2011.

The EDPS welcomes the Commission's Communication in general, as he is convinced that the review of the present legal framework for data protection is necessary , in order to ensure effective protection in an increasingly developing and globalised information society. He shares the view of the Commission that a strong system of data protection will still be needed in the future, based on the notion that existing general principles of data protection are still valid in a society which undergoes fundamental changes.

In the perspective of a new framework for data protection, the EDPS calls for a more ambitious approach on a number of points :

(1) Harmonisation and simplification : the EDPS determines areas where further and better harmonisation is urgent: definitions, grounds for data processing, data subjects’ rights, international transfers and data protection authorities. The EDPS suggests considering the following alternatives to simplify and/or reduce the scope of the notification requirements:

limit the obligation to notify to specific kinds of processing operations entailing specific risks; a simple registration obligation requiring data controllers to register (as opposed to extensive registration of all data processing operations); the introduction of a standard pan-European notification form.

According to the EDPS, a Regulation , a single instrument which is directly applicable in the Member States, is the most effective means to protect the fundamental right to data protection and to achieve further convergence in the internal market.

(2) Strengthening the rights of individuals : although supporting the Communication where it proposes strengthening individuals’ rights, the EDPS makes the following suggestions:

a principle of transparency could be included in the law. However, it is more important to reinforce the existing provisions dealing with transparency; a provision on personal data breach notification, which extends the obligation included in the revised ePrivacy Directive from certain providers to all data controllers, should be introduced in the general instrument; the limits of consent should be clarified. Broadening the cases where express consent is required should be considered as well as adopting additional rules for the online environment; additional rights should be introduced such as data portability and the right to be forgotten, especially for information society services on the internet; children's interests should be better protected with a number of additional provisions, specifically addressed to the collection and further processing of children's data; collective redress mechanisms for breach of data protection rules should be introduced in the EU legislation, in order to empower qualified entities to bring actions on behalf of groups of individuals.

(3) Strengthening the obligations of organisations/controllers : the new framework must contain incentives for data controllers to pro-actively include data protection measures in their business processes. The EDPS proposes the introduction of general provisions on accountability and ‘privacy by design’. A provision on privacy certification schemes should also be introduced.

(4) Globalisation and applicable law : a new legal instrument must clarify the criteria determining applicable law. It should be ensured that data that are processed outside the borders of the EU do not escape EU jurisdiction where there is a justified claim for applying EU law. The EDPS fully supports the objective to ensure a more uniform and coherent approach vis-à-vis third countries and international organisations. Binding Corporate Rules (BCRs) should be included in the legal instrument.

( 5) The area of police and justice : a comprehensive instrument including police and justice may allow for special rules which duly take account of the specificities of this sector, in line with Declaration 21 attached to the Lisbon Treaty. Specific safeguards need to be put in place, in order to compensate data subjects by giving them additional protection in an area where the processing of personal data is by nature more intrusive.

( 6) Data Protection Authorities (DPAs) and the cooperation between DPAs : the EDPS fully supports the objective of the Commission to address the issue of the status of data protection authorities (DPAs), and to strengthen their independence, resources and enforcement powers.

The EDPS suggests reinforcing the advisory role of the Working Party (Article 29) by introducing an obligation for DPAs and the Commission to take the utmost account of opinions and common positions adopted by the Working Party. It urges the Commission to take a position as soon as possible on the issue of supervision of EU bodies and large scale information systems, taking into consideration that all supervisory bodies should fulfil the indispensable criteria of independence, sufficient resources and enforcement powers and that it should be ensured that the EU perspective is well represented. The EDPS supports the model of ‘coordinated supervision’.

The EDPS suggests the following improvements under the present system :

continue monitoring Member States’ compliance with Directive 95/46/EC and, where necessary, using its enforcement powers under Article 258 TFEU; encourage enforcement at the national level and the coordination of enforcement; build data protection principles pro-actively into new regulations which may have an impact, directly or indirectly, on data protection; actively pursue further cooperation between the various actors at international level.

2010/12/09
   EP - VOSS Axel (PPE) appointed as rapporteur in LIBE
2010/12/01
   EP - CHICHESTER Giles (ECR) appointed as rapporteur in ITRE
2010/11/18
   EP - KELLY Seán (PPE) appointed as rapporteur in CULT
2010/11/04
   EC - Non-legislative basic document published
Details

PURPOSE: to define an overall approach permitting the modernisation of the Union’s legal framework governing personal data protection in response to the challenges posed by globalisation and the rapid development of new technologies.

BACKGROUND: the 1995 Data Protection Directive enshrines two important ambitions of the European integration process: the protection of fundamental rights and freedoms of individuals and in particular the fundamental right to data protection, and the achievement of the internal market – the free flow of personal data in this case.

Fifteen years later, this twofold objective is still valid and the principles enshrined in the Directive remain sound . However, rapid technological developments and globalisation have profoundly changed the world around us, and brought new challenges for the protection of personal data. At the same time, ways of collecting personal data have become increasingly elaborated and less easily detectable.

The Commission launched a review of the current legal framework in May 2009. The findings confirmed that the core principles of the Directive are still valid and that its technologically neutral character should be preserved. However, several issues were identified as being problematic and posing specific challenges . These include:

addressing the impact of new technologies; enhancing the internal market dimension of data protection; addressing globalisation and improving international data transfers; providing a stronger institutional arrangement for the effective enforcement of data protection rules; improving the coherence of the data protection legal framework.

The above challenges require the EU to develop a comprehensive and coherent approach guaranteeing that the fundamental right to data protection for individuals is fully respected within the EU and beyond.

The Lisbon Treaty provided the EU with additional means to achieve this: the EU Charter of Fundamental Rights - with Article 8 recognising an autonomous right to the protection of personal data - has become legally binding, and a new legal basis, Article 16 of the Treaty on the Functioning of the EU (TFEU), has been introduced allowing for the establishment of comprehensive and coherent Union legislation on the protection of individuals with regard to the processing of their personal data

CONTENT: this communication seeks to lay down the Commission's approach for modernising the EU legal system for the protection of personal data in all areas of the Union’s activities, taking account, in particular, of the challenges resulting from globalisation and new technologies.

1) Strengthening individuals' rights: it is essential that individuals are well and clearly informed, in a transparent way , by data controllers about how and by whom their data are collected and processed, for what reasons, for how long and what their rights are if they want to access, rectify or delete their data. Basic elements of transparency are the requirements that the information must be easily accessible and easy to understand, and that clear and plain language is used. In this context, children deserve specific protection.

The processing of data must be limited in relation to its specific purposes (principle of data minimisation) and individuals must retain the possibility of an effective control over their own data. In particular, they should be able to give their informed consent to the processing of their data and benefit from the ‘ right to be forgotten ’ when these data are no longer needed for legitimate purposes or they wish them to be deleted.

There is also a need to make the general public, and particularly young people, more aware of the risks related to the processing of personal data and of their rights, as well as to ensure that there are effective provisions on remedies and sanctions .

2) Enhancing the internal market dimension: the divergences that currently characterise the implementation of European data protection rules run counter to the free flow of data within the Union and increase costs. The Commission recommends:

increasing legal certainty and providing a level playing field for data controllers by reducing the administrative burden they have to bear; clarifying the rules on applicable law and Member States' responsibility for the application of data protection rules; encouraging self-regulatory initiatives and exploring EU certification schemes , such as, for example, privacy seals.

3) Revising the data protection rules in the area of police and judicial cooperation in criminal matters: the Lisbon Treaty introduced a new and comprehensive legal basis for the protection of personal data across Union policies. Against this background, and in view of the EU Charter of Fundamental Rights, the Commission plans to examine the opportunity to:

extend the application of the general data protection rules to the areas of police and judicial cooperation in criminal matters, including for processing at domestic level;

introduce specific and harmonised provisions in the new general data protection framework, for example on data protection regarding the processing of genetic data for criminal law purposes or distinguishing the various categories of data subjects (witnesses; suspects etc) in the area of police cooperation and judicial cooperation in criminal matters.

4) Ensure a high level of protection of data transferred outside the EU : this would involve the improvement and streamlining of procedures for international data transfers while guaranteeing an adequate level of protection of these data in the event of their transfer outside the EU or the EEA. The Commission also proposes to clarify its adequacy procedure and better specify the criteria and requirements for assessing the level of data protection in a third country or an international organisation.

5) A stronger institutional arrangement for better enforcement of data protection rules: the Commission will examine how to i) strengthen, clarify and harmonise the status and the powers of the national Data Protection Authorities in the new legal framework; ii) improve the cooperation and coordination between Data Protection Authorities; iii) strengthen the role of national data protection supervisors, better coordinating their work via the Article 29 Working Party (which should become a more transparent body).

The Commission's comprehensive approach will serve as a basis for further discussions with the other European institutions and other interested parties. For this purpose, the Commission welcomes feedback on the issues raised in this Communication.

On this basis, the Commission will propose legislation in 2011 aimed at revising the legal framework for data protection. As a second step, the Commission will assess the need to adapt other legal instruments to the new general data protection framework.

Documents

AmendmentsDossier
364 2011/2025(INI)
2011/03/22 CULT 34 amendments...
source: PE-460.957
2011/03/24 IMCO 74 amendments...
source: PE-462.540
2011/04/14 ITRE 57 amendments...
source: PE-462.771
2011/05/03 JURI 199 amendments...
source: PE-464.682

History

(these mark the time of scraping, not the official date of the change)

docs/1/docs/0/url
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE460.636
New
https://www.europarl.europa.eu/doceo/document/LIBE-PR-460636_EN.html
docs/2/docs/0/url
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE458.791&secondRef=03
New
https://www.europarl.europa.eu/doceo/document/CULT-AD-458791_EN.html
docs/3/docs/0/url
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE458.792&secondRef=02
New
https://www.europarl.europa.eu/doceo/document/IMCO-AD-458792_EN.html
docs/4/docs/0/url
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE464.706
New
https://www.europarl.europa.eu/doceo/document/LIBE-AM-464706_EN.html
docs/5/docs/0/url
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE460.921&secondRef=02
New
https://www.europarl.europa.eu/doceo/document/ITRE-AD-460921_EN.html
docs/6/docs/0/url
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE462.780&secondRef=02
New
https://www.europarl.europa.eu/doceo/document/JURI-AD-462780_EN.html
docs/7/docs/0/url
Old
http://www.europarl.europa.eu/doceo/document/A-7-2011-0244_EN.html
New
https://www.europarl.europa.eu/doceo/document/A-7-2011-0244_EN.html
events/1/type
Old
Committee referral announced in Parliament, 1st reading/single reading
New
Committee referral announced in Parliament
events/3/type
Old
Vote in committee, 1st reading/single reading
New
Vote in committee
events/4
date
2011-06-22T00:00:00
type
Committee report tabled for plenary
body
EP
docs
url: https://www.europarl.europa.eu/doceo/document/A-7-2011-0244_EN.html title: A7-0244/2011
events/4
date
2011-06-22T00:00:00
type
Committee report tabled for plenary, single reading
body
EP
docs
url: http://www.europarl.europa.eu/doceo/document/A-7-2011-0244_EN.html title: A7-0244/2011
events/6
date
2011-07-06T00:00:00
type
Decision by Parliament
body
EP
docs
url: https://www.europarl.europa.eu/doceo/document/TA-7-2011-0323_EN.html title: T7-0323/2011
summary
events/6
date
2011-07-06T00:00:00
type
Decision by Parliament, 1st reading/single reading
body
EP
docs
url: http://www.europarl.europa.eu/doceo/document/TA-7-2011-0323_EN.html title: T7-0323/2011
summary
procedure/Modified legal basis
Rules of Procedure EP 150
procedure/Other legal basis
Rules of Procedure EP 159
procedure/legal_basis/0
Rules of Procedure EP 54
procedure/legal_basis/0
Rules of Procedure EP 52
committees/0
type
Responsible Committee
body
EP
associated
False
committee_full
Civil Liberties, Justice and Home Affairs
committee
LIBE
rapporteur
name: VOSS Axel date: 2010-12-09T00:00:00 group: European People's Party (Christian Democrats) abbr: PPE
committees/0
type
Responsible Committee
body
EP
associated
False
committee_full
Civil Liberties, Justice and Home Affairs
committee
LIBE
date
2010-12-09T00:00:00
rapporteur
name: VOSS Axel group: European People's Party (Christian Democrats) abbr: PPE
committees/1
type
Committee Opinion
body
EP
associated
False
committee_full
Industry, Research and Energy
committee
ITRE
rapporteur
name: CHICHESTER Giles date: 2010-12-01T00:00:00 group: European Conservatives and Reformists abbr: ECR
committees/1
type
Committee Opinion
body
EP
associated
False
committee_full
Industry, Research and Energy
committee
ITRE
date
2010-12-01T00:00:00
rapporteur
name: CHICHESTER Giles group: European Conservatives and Reformists abbr: ECR
committees/2
type
Committee Opinion
body
EP
associated
False
committee_full
Internal Market and Consumer Protection
committee
IMCO
rapporteur
name: SALVINI Matteo date: 2011-02-15T00:00:00 group: Europe of Freedom and Democracy abbr: EFD
committees/2
type
Committee Opinion
body
EP
associated
False
committee_full
Internal Market and Consumer Protection
committee
IMCO
date
2011-02-15T00:00:00
rapporteur
name: SALVINI Matteo group: Europe of Freedom and Democracy abbr: EFD
committees/3
type
Committee Opinion
body
EP
associated
False
committee_full
Culture and Education
committee
CULT
rapporteur
name: KELLY Seán date: 2010-11-18T00:00:00 group: European People's Party (Christian Democrats) abbr: PPE
committees/3
type
Committee Opinion
body
EP
associated
False
committee_full
Culture and Education
committee
CULT
date
2010-11-18T00:00:00
rapporteur
name: KELLY Seán group: European People's Party (Christian Democrats) abbr: PPE
committees/4
type
Committee Opinion
body
EP
associated
False
committee_full
Legal Affairs
committee
JURI
rapporteur
name: CASTEX Françoise date: 2011-02-28T00:00:00 group: Progressive Alliance of Socialists and Democrats abbr: S&D
committees/4
type
Committee Opinion
body
EP
associated
False
committee_full
Legal Affairs
committee
JURI
date
2011-02-28T00:00:00
rapporteur
name: CASTEX Françoise group: Progressive Alliance of Socialists and Democrats abbr: S&D
docs/7/docs/0/url
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=REPORT&mode=XML&reference=A7-2011-244&language=EN
New
http://www.europarl.europa.eu/doceo/document/A-7-2011-0244_EN.html
events/4/docs/0/url
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=REPORT&mode=XML&reference=A7-2011-244&language=EN
New
http://www.europarl.europa.eu/doceo/document/A-7-2011-0244_EN.html
events/6/docs/0/url
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P7-TA-2011-323
New
http://www.europarl.europa.eu/doceo/document/TA-7-2011-0323_EN.html
activities
  • date: 2010-11-04T00:00:00 docs: url: http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2010/0609/COM_COM(2010)0609_EN.pdf title: COM(2010)0609 type: Non-legislative basic document published celexid: CELEX:52010DC0609:EN body: EC commission: DG: url: http://ec.europa.eu/justice/ title: Justice Commissioner: REDING Viviane type: Non-legislative basic document published
  • date: 2011-02-17T00:00:00 body: EP type: Committee referral announced in Parliament, 1st reading/single reading committees: body: EP responsible: False committee: CULT date: 2010-11-18T00:00:00 committee_full: Culture and Education rapporteur: group: PPE name: KELLY Seán body: EP responsible: False committee: IMCO date: 2011-02-15T00:00:00 committee_full: Internal Market and Consumer Protection rapporteur: group: EFD name: SALVINI Matteo body: EP responsible: False committee: ITRE date: 2010-12-01T00:00:00 committee_full: Industry, Research and Energy rapporteur: group: ECR name: CHICHESTER Giles body: EP responsible: False committee: JURI date: 2011-02-28T00:00:00 committee_full: Legal Affairs rapporteur: group: S&D name: CASTEX Françoise body: EP responsible: True committee: LIBE date: 2010-12-09T00:00:00 committee_full: Civil Liberties, Justice and Home Affairs rapporteur: group: PPE name: VOSS Axel
  • body: CSL meeting_id: 3071 council: Justice and Home Affairs (JHA) date: 2011-02-24T00:00:00 type: Council Meeting
  • date: 2011-06-15T00:00:00 body: EP committees: body: EP responsible: False committee: CULT date: 2010-11-18T00:00:00 committee_full: Culture and Education rapporteur: group: PPE name: KELLY Seán body: EP responsible: False committee: IMCO date: 2011-02-15T00:00:00 committee_full: Internal Market and Consumer Protection rapporteur: group: EFD name: SALVINI Matteo body: EP responsible: False committee: ITRE date: 2010-12-01T00:00:00 committee_full: Industry, Research and Energy rapporteur: group: ECR name: CHICHESTER Giles body: EP responsible: False committee: JURI date: 2011-02-28T00:00:00 committee_full: Legal Affairs rapporteur: group: S&D name: CASTEX Françoise body: EP responsible: True committee: LIBE date: 2010-12-09T00:00:00 committee_full: Civil Liberties, Justice and Home Affairs rapporteur: group: PPE name: VOSS Axel type: Vote in committee, 1st reading/single reading
  • date: 2011-06-22T00:00:00 docs: url: http://www.europarl.europa.eu/sides/getDoc.do?type=REPORT&mode=XML&reference=A7-2011-244&language=EN type: Committee report tabled for plenary, single reading title: A7-0244/2011 body: EP type: Committee report tabled for plenary, single reading
  • date: 2011-07-06T00:00:00 docs: url: http://www.europarl.europa.eu/oeil/popups/sda.do?id=20306&l=en type: Results of vote in Parliament title: Results of vote in Parliament url: http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P7-TA-2011-323 type: Decision by Parliament, 1st reading/single reading title: T7-0323/2011 body: EP type: Results of vote in Parliament
commission
  • body: EC dg: Justice and Consumers commissioner: REDING Viviane
committees/0
type
Responsible Committee
body
EP
associated
False
committee_full
Civil Liberties, Justice and Home Affairs
committee
LIBE
date
2010-12-09T00:00:00
rapporteur
name: VOSS Axel group: European People's Party (Christian Democrats) abbr: PPE
committees/0
body
EP
responsible
False
committee
CULT
date
2010-11-18T00:00:00
committee_full
Culture and Education
rapporteur
group: PPE name: KELLY Seán
committees/1
type
Committee Opinion
body
EP
associated
False
committee_full
Industry, Research and Energy
committee
ITRE
date
2010-12-01T00:00:00
rapporteur
name: CHICHESTER Giles group: European Conservatives and Reformists abbr: ECR
committees/1
body
EP
responsible
False
committee
IMCO
date
2011-02-15T00:00:00
committee_full
Internal Market and Consumer Protection
rapporteur
group: EFD name: SALVINI Matteo
committees/2
type
Committee Opinion
body
EP
associated
False
committee_full
Internal Market and Consumer Protection
committee
IMCO
date
2011-02-15T00:00:00
rapporteur
name: SALVINI Matteo group: Europe of Freedom and Democracy abbr: EFD
committees/2
body
EP
responsible
False
committee
ITRE
date
2010-12-01T00:00:00
committee_full
Industry, Research and Energy
rapporteur
group: ECR name: CHICHESTER Giles
committees/3
type
Committee Opinion
body
EP
associated
False
committee_full
Culture and Education
committee
CULT
date
2010-11-18T00:00:00
rapporteur
name: KELLY Seán group: European People's Party (Christian Democrats) abbr: PPE
committees/3
body
EP
responsible
False
committee
JURI
date
2011-02-28T00:00:00
committee_full
Legal Affairs
rapporteur
group: S&D name: CASTEX Françoise
committees/4
type
Committee Opinion
body
EP
associated
False
committee_full
Legal Affairs
committee
JURI
date
2011-02-28T00:00:00
rapporteur
name: CASTEX Françoise group: Progressive Alliance of Socialists and Democrats abbr: S&D
committees/4
body
EP
responsible
True
committee
LIBE
date
2010-12-09T00:00:00
committee_full
Civil Liberties, Justice and Home Affairs
rapporteur
group: PPE name: VOSS Axel
council
  • body: CSL type: Council Meeting council: Justice and Home Affairs (JHA) meeting_id: 3071 url: http://register.consilium.europa.eu/content/out?lang=EN&typ=SET&i=SMPL&ROWSPP=25&RESULTSET=1&NRROWS=500&DOC_LANCD=EN&ORDERBY=DOC_DATE+DESC&CONTENTS=3071*&MEET_DATE=24/02/2011 date: 2011-02-24T00:00:00
docs
  • date: 2011-01-14T00:00:00 docs: url: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C:2011:181:TOC title: OJ C 181 22.06.2011, p. 0001 title: N7-0061/2011 summary: EUROPEAN DATA PROTECTION SUPERVISOR Opinion of the European Data Protection Supervisor on the Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions — ‘A comprehensive approach on personal data protection in the European Union’. The EDPS fully supports the comprehensive approach to data protection. However, he regrets that the Communication excludes certain areas, such as the data processing by EU institutions and bodies , from the general legal instrument. If the Commission were to decide to leave out these areas, the EDPS urges the Commission to adopt a proposal for the EU level within the shortest possible timeframe, but preferably by the end of 2011. The EDPS welcomes the Commission's Communication in general, as he is convinced that the review of the present legal framework for data protection is necessary , in order to ensure effective protection in an increasingly developing and globalised information society. He shares the view of the Commission that a strong system of data protection will still be needed in the future, based on the notion that existing general principles of data protection are still valid in a society which undergoes fundamental changes. In the perspective of a new framework for data protection, the EDPS calls for a more ambitious approach on a number of points : (1) Harmonisation and simplification : the EDPS determines areas where further and better harmonisation is urgent: definitions, grounds for data processing, data subjects’ rights, international transfers and data protection authorities. The EDPS suggests considering the following alternatives to simplify and/or reduce the scope of the notification requirements: limit the obligation to notify to specific kinds of processing operations entailing specific risks; a simple registration obligation requiring data controllers to register (as opposed to extensive registration of all data processing operations); the introduction of a standard pan-European notification form. According to the EDPS, a Regulation , a single instrument which is directly applicable in the Member States, is the most effective means to protect the fundamental right to data protection and to achieve further convergence in the internal market. (2) Strengthening the rights of individuals : although supporting the Communication where it proposes strengthening individuals’ rights, the EDPS makes the following suggestions: a principle of transparency could be included in the law. However, it is more important to reinforce the existing provisions dealing with transparency; a provision on personal data breach notification, which extends the obligation included in the revised ePrivacy Directive from certain providers to all data controllers, should be introduced in the general instrument; the limits of consent should be clarified. Broadening the cases where express consent is required should be considered as well as adopting additional rules for the online environment; additional rights should be introduced such as data portability and the right to be forgotten, especially for information society services on the internet; children's interests should be better protected with a number of additional provisions, specifically addressed to the collection and further processing of children's data; collective redress mechanisms for breach of data protection rules should be introduced in the EU legislation, in order to empower qualified entities to bring actions on behalf of groups of individuals. (3) Strengthening the obligations of organisations/controllers : the new framework must contain incentives for data controllers to pro-actively include data protection measures in their business processes. The EDPS proposes the introduction of general provisions on accountability and ‘privacy by design’. A provision on privacy certification schemes should also be introduced. (4) Globalisation and applicable law : a new legal instrument must clarify the criteria determining applicable law. It should be ensured that data that are processed outside the borders of the EU do not escape EU jurisdiction where there is a justified claim for applying EU law. The EDPS fully supports the objective to ensure a more uniform and coherent approach vis-à-vis third countries and international organisations. Binding Corporate Rules (BCRs) should be included in the legal instrument. ( 5) The area of police and justice : a comprehensive instrument including police and justice may allow for special rules which duly take account of the specificities of this sector, in line with Declaration 21 attached to the Lisbon Treaty. Specific safeguards need to be put in place, in order to compensate data subjects by giving them additional protection in an area where the processing of personal data is by nature more intrusive. ( 6) Data Protection Authorities (DPAs) and the cooperation between DPAs : the EDPS fully supports the objective of the Commission to address the issue of the status of data protection authorities (DPAs), and to strengthen their independence, resources and enforcement powers. The EDPS suggests reinforcing the advisory role of the Working Party (Article 29) by introducing an obligation for DPAs and the Commission to take the utmost account of opinions and common positions adopted by the Working Party. It urges the Commission to take a position as soon as possible on the issue of supervision of EU bodies and large scale information systems, taking into consideration that all supervisory bodies should fulfil the indispensable criteria of independence, sufficient resources and enforcement powers and that it should be ensured that the EU perspective is well represented. The EDPS supports the model of ‘coordinated supervision’. The EDPS suggests the following improvements under the present system : continue monitoring Member States’ compliance with Directive 95/46/EC and, where necessary, using its enforcement powers under Article 258 TFEU; encourage enforcement at the national level and the coordination of enforcement; build data protection principles pro-actively into new regulations which may have an impact, directly or indirectly, on data protection; actively pursue further cooperation between the various actors at international level. type: Document attached to the procedure body: EDPS
  • date: 2011-03-29T00:00:00 docs: url: http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE460.636 title: PE460.636 type: Committee draft report body: EP
  • date: 2011-04-14T00:00:00 docs: url: http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE458.791&secondRef=03 title: PE458.791 committee: CULT type: Committee opinion body: EP
  • date: 2011-04-14T00:00:00 docs: url: http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE458.792&secondRef=02 title: PE458.792 committee: IMCO type: Committee opinion body: EP
  • date: 2011-05-03T00:00:00 docs: url: http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE464.706 title: PE464.706 type: Amendments tabled in committee body: EP
  • date: 2011-05-11T00:00:00 docs: url: http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE460.921&secondRef=02 title: PE460.921 committee: ITRE type: Committee opinion body: EP
  • date: 2011-05-25T00:00:00 docs: url: http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE462.780&secondRef=02 title: PE462.780 committee: JURI type: Committee opinion body: EP
  • date: 2011-06-22T00:00:00 docs: url: http://www.europarl.europa.eu/sides/getDoc.do?type=REPORT&mode=XML&reference=A7-2011-244&language=EN title: A7-0244/2011 type: Committee report tabled for plenary, single reading body: EP
  • date: 2011-02-11T00:00:00 docs: url: http://www.connefof.europarl.europa.eu/connefof/app/exp/COM(2010)0609 title: COM(2010)0609 type: Contribution body: DE_BUNDESRAT
events
  • date: 2010-11-04T00:00:00 type: Non-legislative basic document published body: EC docs: url: http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2010/0609/COM_COM(2010)0609_EN.pdf title: COM(2010)0609 url: https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!DocNumber&lg=EN&type_doc=COMfinal&an_doc=2010&nu_doc=609 title: EUR-Lex summary: PURPOSE: to define an overall approach permitting the modernisation of the Union’s legal framework governing personal data protection in response to the challenges posed by globalisation and the rapid development of new technologies. BACKGROUND: the 1995 Data Protection Directive enshrines two important ambitions of the European integration process: the protection of fundamental rights and freedoms of individuals and in particular the fundamental right to data protection, and the achievement of the internal market – the free flow of personal data in this case. Fifteen years later, this twofold objective is still valid and the principles enshrined in the Directive remain sound . However, rapid technological developments and globalisation have profoundly changed the world around us, and brought new challenges for the protection of personal data. At the same time, ways of collecting personal data have become increasingly elaborated and less easily detectable. The Commission launched a review of the current legal framework in May 2009. The findings confirmed that the core principles of the Directive are still valid and that its technologically neutral character should be preserved. However, several issues were identified as being problematic and posing specific challenges . These include: addressing the impact of new technologies; enhancing the internal market dimension of data protection; addressing globalisation and improving international data transfers; providing a stronger institutional arrangement for the effective enforcement of data protection rules; improving the coherence of the data protection legal framework. The above challenges require the EU to develop a comprehensive and coherent approach guaranteeing that the fundamental right to data protection for individuals is fully respected within the EU and beyond. The Lisbon Treaty provided the EU with additional means to achieve this: the EU Charter of Fundamental Rights - with Article 8 recognising an autonomous right to the protection of personal data - has become legally binding, and a new legal basis, Article 16 of the Treaty on the Functioning of the EU (TFEU), has been introduced allowing for the establishment of comprehensive and coherent Union legislation on the protection of individuals with regard to the processing of their personal data CONTENT: this communication seeks to lay down the Commission's approach for modernising the EU legal system for the protection of personal data in all areas of the Union’s activities, taking account, in particular, of the challenges resulting from globalisation and new technologies. 1) Strengthening individuals' rights: it is essential that individuals are well and clearly informed, in a transparent way , by data controllers about how and by whom their data are collected and processed, for what reasons, for how long and what their rights are if they want to access, rectify or delete their data. Basic elements of transparency are the requirements that the information must be easily accessible and easy to understand, and that clear and plain language is used. In this context, children deserve specific protection. The processing of data must be limited in relation to its specific purposes (principle of data minimisation) and individuals must retain the possibility of an effective control over their own data. In particular, they should be able to give their informed consent to the processing of their data and benefit from the ‘ right to be forgotten ’ when these data are no longer needed for legitimate purposes or they wish them to be deleted. There is also a need to make the general public, and particularly young people, more aware of the risks related to the processing of personal data and of their rights, as well as to ensure that there are effective provisions on remedies and sanctions . 2) Enhancing the internal market dimension: the divergences that currently characterise the implementation of European data protection rules run counter to the free flow of data within the Union and increase costs. The Commission recommends: increasing legal certainty and providing a level playing field for data controllers by reducing the administrative burden they have to bear; clarifying the rules on applicable law and Member States' responsibility for the application of data protection rules; encouraging self-regulatory initiatives and exploring EU certification schemes , such as, for example, privacy seals. 3) Revising the data protection rules in the area of police and judicial cooperation in criminal matters: the Lisbon Treaty introduced a new and comprehensive legal basis for the protection of personal data across Union policies. Against this background, and in view of the EU Charter of Fundamental Rights, the Commission plans to examine the opportunity to: extend the application of the general data protection rules to the areas of police and judicial cooperation in criminal matters, including for processing at domestic level; introduce specific and harmonised provisions in the new general data protection framework, for example on data protection regarding the processing of genetic data for criminal law purposes or distinguishing the various categories of data subjects (witnesses; suspects etc) in the area of police cooperation and judicial cooperation in criminal matters. 4) Ensure a high level of protection of data transferred outside the EU : this would involve the improvement and streamlining of procedures for international data transfers while guaranteeing an adequate level of protection of these data in the event of their transfer outside the EU or the EEA. The Commission also proposes to clarify its adequacy procedure and better specify the criteria and requirements for assessing the level of data protection in a third country or an international organisation. 5) A stronger institutional arrangement for better enforcement of data protection rules: the Commission will examine how to i) strengthen, clarify and harmonise the status and the powers of the national Data Protection Authorities in the new legal framework; ii) improve the cooperation and coordination between Data Protection Authorities; iii) strengthen the role of national data protection supervisors, better coordinating their work via the Article 29 Working Party (which should become a more transparent body). The Commission's comprehensive approach will serve as a basis for further discussions with the other European institutions and other interested parties. For this purpose, the Commission welcomes feedback on the issues raised in this Communication. On this basis, the Commission will propose legislation in 2011 aimed at revising the legal framework for data protection. As a second step, the Commission will assess the need to adapt other legal instruments to the new general data protection framework.
  • date: 2011-02-17T00:00:00 type: Committee referral announced in Parliament, 1st reading/single reading body: EP
  • date: 2011-02-24T00:00:00 type: Resolution/conclusions adopted by Council body: CSL summary: The Council adopted conclusions on the Commission communication "A comprehensive approach on personal data protection in the European Union". It welcomes the Communication and strongly supports the aim outlined in the Communication according to which appropriate protection must be ensured for individuals in all circumstances. The Council shares the Commission’s view that the notion of a comprehensive approach to data protection does not necessarily exclude specific rules for data protection for police and judicial cooperation in criminal matters within this comprehensive protection scheme. It encourages the Commission to propose a new legal framework taking due account of the specificities of this area. In this context, certain limitations have to be set regarding the rights of individuals in the specific context in a harmonised and balanced way, when necessary and proportionate and taking into account the legitimate goals pursued by law enforcement authorities in combating crime and maintaining public security. Privacy : Council invites the Commission to explore the possibility of including a provision on the ‘ privacy by design ’ principle in the new legal framework and to favour privacy-enhancing technologies (PET). It demands that special attention be given to minors. The Council expects the special protection of sensitive personal data to remain a core element of the Commission proposal. It invites the Commission to assess the impact of the use of biometric data on individuals. It supports the idea of introducing privacy seals (EU certification schemes) and self-regulatory initiatives. Applicable law: the Council feels that the new legal framework should clearly regulate the issue of applicable law within the European Union. As regards cases with an extra-EU dimension, the Council encourages the Commission to find legal solutions that provide adequate safeguards to ensure that data subjects can exercise their data protection rights even if their data are processed outside the European Union. Principle of accountability: the Council considers that the concept of accountability should be explored with a view to diminishing the administrative burden on data controllers, for instance by simplifying or tailoring adequate notification requirements . Data breach notification should not, however, become a routine alert for all sorts of security breaches. It should apply only if the risks stemming from the breach can impact negatively on the individual's privacy. While recalling that prime responsibility and accountability for the protection of personal data must rest with the data controller (who benefits from the use of such data), there is also a major need to increase the data subject's awareness of the implications of sharing his personal data. The Council supports the Commission's aim of enhancing the data controller's responsibility and encourages the Commission to include in its impact assessment an evaluation of the possible appointment of Data Protection Officers . Rights of individuals: the Council encourages the Commission: i) to define more precisely the rights of data subjects (such as access, rectification, deletion/blocking) and ii) to explore the introduction of a right to be forgotten , as an innovative legal instrument, insofar as the exercise of such a right is enabled by new technologies. The Council is of the opinion that the right of access should, as a rule, be exercised free of charge and that any charge should be without excessive expense. Data protection authorities: the Council supports a more harmonised role of data protection authorities. This also holds true for the field of police and judicial cooperation in criminal matters. In this context, the coordination between data protection authorities needs to be improved.
  • date: 2011-06-15T00:00:00 type: Vote in committee, 1st reading/single reading body: EP summary: The Committee on Civil Liberties, Justice and Home Affairs adopted the report drafted by Axel VOSS (EPP, DE) on a comprehensive approach on personal data protection in the European Union. Members strongly welcome and support the Commission communication entitled ‘A comprehensive approach on personal data protection in the European Union’ and its focus on strengthening existing arrangements, putting forward new principles and mechanisms and ensuring coherence and high standards of data protection in the new setting offered by the entry into force of the Lisbon Treaty and the now binding Charter of Fundamental Rights. Fully engaging with a comprehensive approach : Members emphasise that the standards and principles set out in Directive 95/46/EC represent an ideal starting point and should be further elaborated, extended and enforced, as part of a modern data protection law . The report underlines the importance of Article 9 of Directive 95/46/EC, which obliges Member States to provide for exemptions from data protection rules when personal data are used solely for journalistic purposes or the purpose of artistic or literary expression. It calls on the Commission to ensure that these exemptions are maintained and that every effort is made to evaluate the need for developing these exceptions further in the light of any new provisions in order to protect freedom of the press . Recognising that technological developments have created new threats to the protection of personal data, Members consider that a thorough evaluation of the current data protection rules is required in order to ensure that (i) the rules still provide a high level of protection, (ii) the rules still strike a fair balance between the right to protection of personal data and the right to freedom of speech and information, and (iii) the rules do not unnecessarily hinder everyday processing of personal data, which is typically harmless. Members also consider it imperative to extend the application of the general data protection rules to the areas of police and judicial cooperation . The Commission is called upon to ensure that the current revision of EU data protection legislation will provide for: full harmonisation at the highest level providing legal certainty and a uniform high level standard of protection of individuals in all circumstances, further clarification of the rules on applicable law with a view to delivering a uniform degree of protection for individuals irrespective of the geographical location of the data controller, also covering enforcement of data protection rules by authorities or in courts. Strengthening individuals’ rights : the report calls on the Commission to reinforce existing principles and elements such as transparency, data minimisation and purpose limitation, informed, prior and explicit consent, data breach notification and the data subjects’ rights, as set out in Directive 95/46/EC, improving their implementation in Member States, particularly as regards the ‘global online environment’. The report underlines the importance of: improving the means of exercising, and awareness of, the rights of access, of rectification, of erasure and blocking of data, of clarifying in detail and codifying the ‘right to be forgotten’ and of enabling data portability; enabling individuals to sufficiently control their online data to enable them to use the internet responsibly; including provisions on profiling, while clearly defining the terms ‘profile’ and ‘profiling’; enhancing obligations of data controllers with regard to provision of information to data subjects; specifically protecting children and minors – in the light, inter alia, of increased access for children to internet and digital content. Strengthening the global dimension of data protection : the committee considers it of utmost importance that data subjects’ rights are enforceable. Members highlight the need for proper harmonised enforcement across the EU . They call on the Commission to provide in its legislative proposal for severe and dissuasive sanctions, including criminal sanctions, for misuse and abuse of personal data. The Commission is encouraged to introduce a system of mandatory general personal data breach notifications by extending it to sectors other than the telecommunications sector. The report welcomes the possibility of making the appointment of organisation data protection officers mandatory , as the experience of EU Member States which already have data protection officers shows that the concept has proved successful. Members see in the concepts of ‘privacy by design’ and ‘privacy by default’ a strengthening of data protection, and support examination of possibilities for their concrete application and further development, as well as recognising the need to promote the use of Privacy Enhancing Technologies. The committee supports the efforts to further advance self-regulatory initiatives – such as codes of conduct – and the reflection on setting up voluntary EU certification schemes, as complementary steps to legislative measures, while maintaining that the EU data protection regime is based on legislation setting high-level guarantees . According to Members, any certification or seal scheme must be of guaranteed integrity and trustworthiness, technology-neutral, globally recognisable and affordable, so as not to create barriers to entry.
  • date: 2011-06-22T00:00:00 type: Committee report tabled for plenary, single reading body: EP docs: url: http://www.europarl.europa.eu/sides/getDoc.do?type=REPORT&mode=XML&reference=A7-2011-244&language=EN title: A7-0244/2011
  • date: 2011-07-06T00:00:00 type: Results of vote in Parliament body: EP docs: url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=20306&l=en title: Results of vote in Parliament
  • date: 2011-07-06T00:00:00 type: Decision by Parliament, 1st reading/single reading body: EP docs: url: http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P7-TA-2011-323 title: T7-0323/2011 summary: The European Parliament adopted a resolution on a comprehensive approach on personal data protection in the European Union in response to a European Commission communication on the same subject. Members consider that while the core principle of the 1995/46/EC Data Protection Directive remain valid, but different approaches in Member States' implementation and enforcement thereof have been observed. The EU must equip itself – after a thorough impact assessment – with a comprehensive, coherent, modern, high-level framework in order to face the numerous challenges facing data protection, such as those caused by globalisation, technological development, enhanced online activity, uses related to more and more activities, and security concerns (e.g. the fight against terrorism). Parliament supports the Commission’s communication and its focus on strengthening existing arrangements, putting forward new principles and mechanisms and ensuring coherence and high standards of data protection in the new setting offered by the entry into force of the Lisbon Treaty and the now binding Charter of Fundamental Rights. 1) Fully engaging with a comprehensive approach : Parliament emphasises that the standards and principles set out in Directive 95/46/EC represent an ideal starting point and should be further elaborated, extended and enforced, as part of a modern data protection law . The resolution underlines the importance of Article 9 of Directive 95/46/EC, which obliges Member States to provide for exemptions from data protection rules when personal data are used solely for journalistic purposes or the purpose of artistic or literary expression. It calls on the Commission to ensure that these exemptions are maintained and that every effort is made to evaluate the need for developing these exceptions further in the light of any new provisions in order to protect freedom of the press . Recognising that technological developments have created new threats to the protection of personal data, Members consider that a thorough evaluation of the current data protection rules is required in order to ensure that (i) the rules still provide a high level of protection, (ii) the rules still strike a fair balance between the right to protection of personal data and the right to freedom of speech and information, and (iii) the rules do not unnecessarily hinder everyday processing of personal data, which is typically harmless. Members also consider it imperative to extend the application of the general data protection rules to the areas of police and judicial cooperation . The Commission is called upon to ensure that the current revision of EU data protection legislation will provide for: full harmonisation at the highest level providing legal certainty and a uniform high level standard of protection of individuals in all circumstances, further clarification of the rules on applicable law with a view to delivering a uniform degree of protection for individuals irrespective of the geographical location of the data controller, also covering enforcement of data protection rules by authorities or in courts. 2) Strengthening individuals’ rights : the resolution calls on the Commission to reinforce existing principles and elements such as transparency, data minimisation and purpose limitation, informed, prior and explicit consent, data breach notification and the data subjects’ rights, as set out in Directive 95/46/EC, improving their implementation in Member States, particularly as regards the ‘global online environment’. The resolution underlines the importance of: improving the means of exercising, and awareness of, the rights of access, of rectification, of erasure and blocking of data, of clarifying in detail and codifying the ‘right to be forgotten’ and of enabling data portability; enabling individuals to sufficiently control their online data to enable them to use the internet responsibly; including provisions on profiling, while clearly defining the terms ‘profile’ and ‘profiling’; enhancing obligations of data controllers with regard to provision of information to data subjects; specifically protecting children and minors – in the light, inter alia, of increased access for children to internet and digital content. 3) Strengthening the global dimension of data protection : Parliament considers it of utmost importance that data subjects’ rights are enforceable. It highlights the need for proper harmonised enforcement across the EU . It calls on the Commission to provide in its legislative proposal for severe and dissuasive sanctions, including criminal sanctions, for misuse and abuse of personal data. The Commission is encouraged to introduce a system of mandatory general personal data breach notifications by extending it to sectors other than the telecommunications sector. The resolution welcomes the possibility of making the appointment of organisation data protection officers mandatory , as the experience of EU Member States which already have data protection officers shows that the concept has proved successful. Members see in the concepts of ‘privacy by design’ and ‘privacy by default’ a strengthening of data protection, and support examination of possibilities for their concrete application and further development, as well as recognising the need to promote the use of Privacy Enhancing Technologies. Parliament supports the efforts to further advance self-regulatory initiatives – such as codes of conduct – and the reflection on setting up voluntary EU certification schemes, as complementary steps to legislative measures, while maintaining that the EU data protection regime is based on legislation setting high-level guarantees . Lastly, the resolution stresses that any certification or seal scheme must be of guaranteed integrity and trustworthiness, technology-neutral, globally recognisable and affordable, so as not to create barriers to entry.
  • date: 2011-07-06T00:00:00 type: End of procedure in Parliament body: EP
links
other
  • body: EC dg: url: http://ec.europa.eu/justice/ title: Justice commissioner: REDING Viviane
procedure/Modified legal basis
Old
Rules of Procedure of the European Parliament EP 150
New
Rules of Procedure EP 150
procedure/dossier_of_the_committee
Old
LIBE/7/05177
New
  • LIBE/7/05177
procedure/legal_basis/0
Rules of Procedure EP 52
procedure/legal_basis/0
Rules of Procedure of the European Parliament EP 052
procedure/subject
Old
  • 1.20.09 Protection of privacy and data protection
New
1.20.09
Protection of privacy and data protection
activities/0/docs/0/celexid
CELEX:52010DC0609:EN
activities/0/docs/0/celexid
CELEX:52010DC0609:EN
activities/0/docs/0/url
Old
http://www.europarl.europa.eu/registre/docs_autres_institutions/commission_europeenne/com/2010/0609/COM_COM(2010)0609_EN.pdf
New
http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2010/0609/COM_COM(2010)0609_EN.pdf
activities
  • date: 2010-11-04T00:00:00 docs: url: http://www.europarl.europa.eu/registre/docs_autres_institutions/commission_europeenne/com/2010/0609/COM_COM(2010)0609_EN.pdf title: COM(2010)0609 type: Non-legislative basic document published celexid: CELEX:52010DC0609:EN body: EC type: Non-legislative basic document published commission: DG: url: http://ec.europa.eu/justice/ title: Justice Commissioner: REDING Viviane
  • date: 2011-02-17T00:00:00 body: EP type: Committee referral announced in Parliament, 1st reading/single reading committees: body: EP responsible: False committee: CULT date: 2010-11-18T00:00:00 committee_full: Culture and Education rapporteur: group: PPE name: KELLY Seán body: EP responsible: False committee: IMCO date: 2011-02-15T00:00:00 committee_full: Internal Market and Consumer Protection rapporteur: group: EFD name: SALVINI Matteo body: EP responsible: False committee: ITRE date: 2010-12-01T00:00:00 committee_full: Industry, Research and Energy rapporteur: group: ECR name: CHICHESTER Giles body: EP responsible: False committee: JURI date: 2011-02-28T00:00:00 committee_full: Legal Affairs rapporteur: group: S&D name: CASTEX Françoise body: EP responsible: True committee: LIBE date: 2010-12-09T00:00:00 committee_full: Civil Liberties, Justice and Home Affairs rapporteur: group: PPE name: VOSS Axel
  • body: CSL meeting_id: 3071 council: Justice and Home Affairs (JHA) date: 2011-02-24T00:00:00 type: Council Meeting
  • date: 2011-06-15T00:00:00 body: EP committees: body: EP responsible: False committee: CULT date: 2010-11-18T00:00:00 committee_full: Culture and Education rapporteur: group: PPE name: KELLY Seán body: EP responsible: False committee: IMCO date: 2011-02-15T00:00:00 committee_full: Internal Market and Consumer Protection rapporteur: group: EFD name: SALVINI Matteo body: EP responsible: False committee: ITRE date: 2010-12-01T00:00:00 committee_full: Industry, Research and Energy rapporteur: group: ECR name: CHICHESTER Giles body: EP responsible: False committee: JURI date: 2011-02-28T00:00:00 committee_full: Legal Affairs rapporteur: group: S&D name: CASTEX Françoise body: EP responsible: True committee: LIBE date: 2010-12-09T00:00:00 committee_full: Civil Liberties, Justice and Home Affairs rapporteur: group: PPE name: VOSS Axel type: Vote in committee, 1st reading/single reading
  • date: 2011-06-22T00:00:00 docs: url: http://www.europarl.europa.eu/sides/getDoc.do?type=REPORT&mode=XML&reference=A7-2011-244&language=EN type: Committee report tabled for plenary, single reading title: A7-0244/2011 body: EP type: Committee report tabled for plenary, single reading
  • date: 2011-07-06T00:00:00 docs: url: http://www.europarl.europa.eu/oeil/popups/sda.do?id=20306&l=en type: Results of vote in Parliament title: Results of vote in Parliament url: http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P7-TA-2011-323 type: Decision by Parliament, 1st reading/single reading title: T7-0323/2011 body: EP type: Results of vote in Parliament
committees
  • body: EP responsible: False committee: CULT date: 2010-11-18T00:00:00 committee_full: Culture and Education rapporteur: group: PPE name: KELLY Seán
  • body: EP responsible: False committee: IMCO date: 2011-02-15T00:00:00 committee_full: Internal Market and Consumer Protection rapporteur: group: EFD name: SALVINI Matteo
  • body: EP responsible: False committee: ITRE date: 2010-12-01T00:00:00 committee_full: Industry, Research and Energy rapporteur: group: ECR name: CHICHESTER Giles
  • body: EP responsible: False committee: JURI date: 2011-02-28T00:00:00 committee_full: Legal Affairs rapporteur: group: S&D name: CASTEX Françoise
  • body: EP responsible: True committee: LIBE date: 2010-12-09T00:00:00 committee_full: Civil Liberties, Justice and Home Affairs rapporteur: group: PPE name: VOSS Axel
links
other
  • body: EC dg: url: http://ec.europa.eu/justice/ title: Justice commissioner: REDING Viviane
procedure
dossier_of_the_committee
LIBE/7/05177
reference
2011/2025(INI)
title
Comprehensive approach on personal data protection in the European Union
legal_basis
Rules of Procedure of the European Parliament EP 052
stage_reached
Procedure completed
subtype
Strategic initiative
Modified legal basis
Rules of Procedure of the European Parliament EP 150
type
INI - Own-initiative procedure
subject
1.20.09 Protection of privacy and data protection