The EU Commissioner responsible for data protection recently outlined the growing contours of EU data protection reform legislation expected to issue early next year. In a November 28 speech to the American Chamber of Commerce, Viviane Reding, Vice President of the EC Commission, and EU Justice Commissioner, spoke of her determination to deliver "a strong, consistent and future-proof framework for data protection, with consistent rules across all Member States and across all Union policies."
Commissioner Reding began her speech by outlining the challenges currently facing businesses operating under the EU’s 1995 data protection legislation. First, EU data protection laws are fragmented between 27 EU member states, leading to varying legal interpretations and enforcement regimes. Reding estimated that this fragmentation costs businesses €2.3 billion a year. Second, fragmentation is inconsistent with the EU’s goal to unify its 27 member states in a single market by "making it difficult to sell or shop cross-border." Third, according to EU survey data, existing data protection rules do not have the confidence of consumers, thus inhibiting the adoption of new technologies such as cloud computing.
According to Commissioner Reding, the need for data protection has grown exponentially since 1995 "when the full potential of the Internet had not yet been realized. In 1993 the Internet carried only 1% of all telecommunicated information. By 2007, the figure was more than 97%."
Commissioner Reding went on to detail some specific regulatory reforms impacting businesses including: increased coordination between member state data protection authorities (DPAs); eliminating the requirement to notify data processing to DPAs; a single point of contact for companies dealing with multiple EU DPAs; and mutual recognition by DPAs of binding corporate rules approved by another DPA. The Commissioner also outlined the individual data protection safeguards in the reform proposal, such as timely notification of data protection breaches to consumers.
Reding included in her remarks her position on the role of industry self-regulation. According to the Commissioner, self-regulation "has an important, complementary role to play in this reform. But let me be clear: self-regulation is not a fig-leaf for non-compliance; self-regulation only works if there is strong, legally binding regulation in the first place."