The Secure Times

An online forum of the ABA Section of Antitrust Law's Privacy and Information Security Committee

EU Data Protection Reforms Outlined

Leave a comment

The EU Commissioner responsible for data protection recently outlined the growing contours of EU data protection reform legislation expected to issue early next year.  In a November 28 speech to the American Chamber of Commerce, Viviane Reding, Vice President of the EC Commission, and EU Justice Commissioner, spoke of her determination to deliver "a strong, consistent and future-proof framework for data protection, with consistent rules across all Member States and across all Union policies."

Commissioner Reding began her speech by outlining the challenges currently facing businesses operating under the EU’s 1995 data protection legislation.  First, EU data protection laws are fragmented between 27 EU member states, leading to varying legal interpretations and enforcement regimes.  Reding estimated that this fragmentation costs businesses €2.3 billion a year.  Second, fragmentation is inconsistent with the EU’s goal to unify its 27 member states in a single market by "making it difficult to sell or shop cross-border." Third, according to EU survey data, existing data protection rules do not have the confidence of consumers, thus inhibiting the adoption of new technologies such as cloud computing.

According to Commissioner Reding, the need for data protection has grown exponentially since 1995 "when the full potential of the Internet had not yet been realized.  In 1993 the Internet carried only 1% of all telecommunicated information.  By 2007, the figure was more than 97%."

Commissioner Reding went on to detail some specific regulatory reforms impacting businesses including: increased coordination between member state data protection authorities (DPAs); eliminating the requirement to notify data processing to DPAs; a single point of contact for companies dealing with multiple EU DPAs; and mutual recognition by DPAs of binding corporate rules approved by another DPA.  The Commissioner also outlined the individual data protection safeguards in the reform proposal, such as timely notification of data protection breaches to consumers.

Reding included in her remarks her position on the role of industry self-regulation.  According to the Commissioner, self-regulation "has an important, complementary role to play in this reform.  But let me be clear: self-regulation is not a fig-leaf for non-compliance; self-regulation only works if there is strong, legally binding regulation in the first place."


Author: Abigail Slater

Abigail Slater: Abigail Slater is a member of the New York Bar and a Solicitor in England and Wales. She is currently employed as an antitrust attorney by the Federal Trade Commission (FTC) in Washington D.C. Prior to the FTC, she worked in several offices of the international law firm Freshfields Bruckhaus Deringer. All views expressed are the author’s own and do not represent the views of the FTC or any individual Commissioner.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s