Andrus Ansip, Vice-President for the Digital Single Market, said: "Today's agreement is a major step towards a Digital Single Market. It will remove barriers and unlock opportunities. The digital future of Europe can only be built on trust. With solid common standards for data protection, people can be sure they are in control of their personal information. And they can enjoy all the services and opportunities of a Digital Single Market. We should not see privacy and data protection as holding back economic activities. They are, in fact, an essential competitive advantage. Today's agreement builds a strong basis to help Europe develop innovative digital services. Our next step is now to remove unjustified barriers which limit cross-border data flow: local practice and sometimes national law, limiting storage and processing of certain data outside national territory. So let us move ahead and build an open and thriving data economy in the EU – based on the highest data protection standards and without unjustified barriers."
V?ra Jourov?, Commissioner for Justice, Consumers and Gender Equality said, "Today we deliver on the promise of the Juncker Commission to finalize data protection reform in 2015. These new pan-European rules are good for citizens and good for businesses. Citizens and businesses will profit from clear rules that are fit for the digital age, that give strong protection and at the same time create opportunities and encourage innovation in a European Digital Single Market. And harmonised data protection rules for police and criminal justice authorities will ease law enforcement cooperation between Member States based on mutual trust, contributing to the European Agenda for Security."
The Reform consists of two instruments:
A fundamental right for citizens
The reform will allow people to regain control of their personal data. Two-thirds of Europeans (67%), according to a recent Eurobarometer survey, stated they are concerned about not having complete control over the information they provide online. Seven Europeans out of ten worry about the potential use that companies may make of the information disclosed. The data protection reform will strengthen the right to data protection, which is a fundamental right in the EU, and allow them to have trust when they give their personal data.
The new rules address these concerns by strengthening the existing rights and empowering individuals with more control over their personal data. Most notably, these include:
Clear modern rules for businesses
In today's digital economy, personal data has acquired enormous economic significance, in particular in the area of big data. By unifying Europe's rules on data protection, lawmakers are creating a business opportunity and encouraging innovation.
Benefits for big and small alike
The data protection reform will stimulate economic growth by cutting costs and red tape for European business, especially for small and medium enterprises (SMEs). The EU's data protection reform will help SMEs break into new markets. Under the new rules, SMEs will benefit from four reductions in red tape:
Protecting personal data in the area of law enforcement
With the new Data Protection Directive for Police and Criminal Justice Authorities, law enforcement authorities in EU Member States will be able to exchange information necessary for investigations more efficiently and effectively, improving cooperation in the fight against terrorism and other serious crime in Europe.
The Data Protection Directive for Police and Criminal Justice Authorities takes account of the specific needs of law enforcement, respects the different legal traditions in Member States and is fully in line with the Charter of Fundamental Rights.
Individuals' personal data will be better protected, whenprocessed for any law enforcement purpose including prevention of crime. It will protect everyone – regardless of whether they are a victim, criminal or witness. All law enforcement processing in the Union must comply with the principles of necessity, proportionality and legality, with appropriate safeguards for the individuals. Supervision is ensured by independent national data protection authorities, and effective judicial remedies must be provided.
The Data Protection Directive for Police and Criminal Justice Authorities provides clear rules for the transfer of personal data by law enforcement authorities outside the EU, to ensure that the level of protection of individuals guaranteed in the EU is not undermined.
Next steps
Following political agreement reached in trilogue, the final texts will be formally adopted by the European Parliament and Council at the beginning 2016. The new rules will become applicable two years thereafter.
The Commission will work closely with Member State Data protection authorities to ensure a uniform application of the new rules. During the two-year transition phase, the Commission will inform citizens about their rights and companies about their obligations.
Data Protection Authorities will work more closely together in the future, especially through the one-stop shop mechanism to solve cross-border data protection cases.