Dis/Agreeing on European Data Protection Reform

European data protection officials are continuing to work out the details on European data protection reform. The latest debates are over a split on provisions on “territorial scope.” The European Commission insists that the legislation must cover non-EU entities that process the data of EU citizens. However, insiders have reported that officials cannot reach an agreement on the detail of the scope.


Since the 1990s, a uniquely European approach to data protection has developed. This approach is firmly grounded in a constitutional recognition of the right to privacy. The “right to the protection of personal data” has evolved to become a modern fundamental right in the EU. In the face on ongoing transformations that have been fuelled by information and communications technology, the full impact of these rights may not be fully understood until much later.

The European Parliament has been working on a significant overhaul of EU data protection legislation in order to ensure that Europeans’ data are safe both on- and offline. The civil liberties committee is preparing its position on a legislative package proposed by the European Commission which will replace the current legislation, dating back from 1995.

Several important changes include:

  • Requiring that companies request consent before processing personal data
  • People’s right to have their information deleted upon request
  • Requiring companies to clearly explain their data protection policies

According to a recent Eurobarometer survey, 70 percent of Europeans are concerned that their personal data may be misused by companies. Only 26 percent of respondents felt they had complete control over information disclosed on social networking sites, and even fewer online shoppers (just 18 percent) felt that they were in complete control of their data.

Piecing Together the Final Draft

Members of the European Parliament met in Strasbourg on May 22, 2013 to take a look at thousands of amendments. They intended to put together the Parliament’s final draft before it goes forward to an orientation vote in the civil liberties committee, potentially in early July.

The reformed regulation aims to increase the fundamental rights of EU citizens by harmonizing data protection guarantees across the EU under a single law. Some major areas of debate included:

  • Uncertainty on which individuals are covered by the proposed regulation (i.e. people when they are present in the EU or those outside the EU)
  • Information regarding the collection of personal data, which must be provided from the data collector, to the data subject (e.g. identity, contact details of the collector, length of time the data will be stored)
  • Requiring companies to maintain documentation of all processing operations under its responsibility

Complaints of Confusion

Naturally, a significant number of organizations have declared that they simply do not understand the data protection reforms being proposed by the European Union. The UK Information Commissioner’s Office (ICO) recently conducted a survey which found that 40 percent of companies do not comprehend exactly what is being asked of them when it comes to securing data. A staggering 87 percent also suggested that they would not be able to estimate the likely costs of adhering to the proposed regulations.

The Information Commissioner Christopher Graham said that few people actually disagree with the need for a reformed set of laws regarding data protection in Europe. Graham said:

“But to deliver real improvements, it’s crucial that legislation is developed that better reflects the way personal information is used today and will be used in the future. There is now a need to continue the debate with valid evidence, as the move to revamp data protection rules is too important to be based on guesswork.”


This article offers a brief update on the status of the ongoing European data protection reforms, which aim to update almost two decade old data legislation throughout Europe.

CIPP Exam Preparation

In preparation for the Certified Information Privacy Professional/European Privacy (CIPP/E), a privacy professional should be comfortable with topics related to this post, including:

  • EU Data Protection Directive – 95/46/EC (I.C.b.)
  • National data protection laws across Europe (I.C.e.)
  • Supervisory authorities and their powers (II.J.a.)

Leave a Reply




You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>