European Parliament passes tougher data protection laws

Rules aimed at streamlining legislation between member states

MEPs voting in Strasbourg on Thursday Photograph: Reuters
MEPs voting in Strasbourg on Thursday Photograph: Reuters

The European Parliament has voted through tougher rules on data protection, aimed at boosting privacy and giving authorities greater powers to take action against companies that breach the rules.

The rules, including the much-needed General Data Protection Regulation (GDPR), were four years in the making and form the new backbone of laws for data regulators to pursue companies with heavy fines - as much as 4 per cent of annual turnover for global companies - for incidents such as data breaches, which have become increasingly common.

Viviane Reding, MEP and former vice-president of the European Commission who proposed the changes in 2012, said: "This is a historic day for Europe. This reform will restore trust in digital services today, thereby reigniting the engine for growth tomorrow.

“There can be no freedom without security, and no security without freedom. Today’s concomitant adoption of these three legislations sends a strong signal that national security and data protection can and must go hand in hand.”

READ MORE

National rules

The new data privacy laws comprise of the GDPR, which governs the use and privacy of EU citizens’ data, and the Data Protection Directive, which governs the use of EU citizens’ data by law enforcement.

Together they aim to create strong data protection law for Europe’s 500 million citizens; streamline legislation between the 28 member states pushing a digital single market and boost police and security cooperation. It is due to replace the outdated patchwork of national rules that have only allowed for small fines in cases of violation.

The new laws have already proved controversial with companies wishing to operate with EU citizens’ data, placing an administrative burden on some, including those based outside of Europe.

The next step in strengthening of data regulation across the EU is an overhaul of the ePrivacy Directive, which will now commence in earnest, to bring it inline with the changes laid out in the GDPR.

Passenger name data

The European Parliament also voted through the EU Passenger Name Record (PNR), which aims to aid law enforcement in tracking people’s movement across Europe.

EC's first vice-president Frans Timmermans, vice-president of the Digital Single Market Andrus Ansip, and Commissioner for Justice, Consumers and Gender Equality Vera Jourova, said: "These new rules come at a time when improved cooperation in the fight against terrorism and other serious crime is more necessary than ever, as shown by the recent terrorist attacks in Paris and Brussels."

Ms Reding added: “Faced with the transnational nature of the digital revolution and the fight against terror, EU-wide rules are the only solution to our problems.

“PNR is an important tool to track terrorists flying in and out of Europe in a much wider toolkit, which should also include the systematic sharing of information in all EU databases.”

Guardian service