14 April 2016, France :
After 4 years of discussions, new EU-wide privacy rules will come into force in 2018. The European Parliament today voted in favour of major reforms to data protection in the EU, first put forward in January 2012 as a replacement for the current rules, which were drawn up in 1995.
There are two components to the new law: the General Data Protection Regulation (GDPR), which is designed to give EU citizens better control of their personal data, and the Data Protection Directive, which covers how personal data is used by police in the EU.
The Greens MEP Jan Philipp Albrecht, who did more than anyone to shepherd the GDPR through the legislative process, said afterwards: “The new rules will give users back the right to decide on their own private data. Businesses that have accessed users’ data for a specific purpose would generally not be allowed to transfer the data without the user being asked. Users will have to give clear consent for their data to be used.”
The accompanying Data Protection Directive is more concerned with police and criminal justice systems. It is designed to protect your fundamental right to data protection when personal information is being used for criminal law enforcement purposes, whether you are a victim, criminal, or witness. It will also permit law enforcement authorities to exchange data more efficiently and effectively, the European Commission claims. As well as saving time and money, the hope is that this will allow the authorities to “prevent crime under conditions of legal certainty, fully in line with the Charter of Fundamental Rights,” as the Commission’s FAQ puts it.
In a joint statement, EC commissioners Frans Timmermans and Věra Jourová welcomed the adoption, adding: “The new rules will ensure that the fundamental right to personal data protection is guaranteed for all. The General Data Protection Regulation will help stimulate the Digital Single Market in the EU by fostering trust in online services by consumers and legal certainty for businesses based on clear and uniform rules.”
It’s pretty clear the new law will also be a boon for law firms, which are already touting data protection compliance expertise, anticipating an inrush of companies concerned to avoid the risk of future fines.
The new rules include provisions on:
1- a right to be forgotten,
2- “clear and affirmative consent” to the processing of private data by the person concerned,
3- a right to transfer your data to another service provider,
4- the right to know when your data has been hacked,
5- ensuring that privacy policies are explained in clear and understandable language, and
stronger enforcement and fines up to 4% of firms’ total worldwide annual turnover, as a deterrent to breaking the rules.
Source : europarl.europa.eu