Monday

3rd Aug 2020

EU parliament passes grand data protection law

  • New EU data protection rules will take two years to be transposed into national laws (Photo: Alessio Milan)

One of the most heavily lobbied bills in the history of the European Parliament, on data protection, was passed into law on Thursday (14 April).

First proposed four years ago, the reformed EU data protection regulation is designed to meld different legal approaches in EU states into one single rulebook and to give people more control over their personal information.

Read and decide

Join EUobserver today

Support quality EU news

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

"The legislation will create an EU-wide data protection regime for the first time, replacing the outdated patchwork of national data protection rules," said German Green MEP Jan Phillip Albrecht, who spearheaded the regulation.

The regulation was voted in alongside a weaker legal instrument, a directive, that aims to provide a similar framework on police probes.

But while both promise to create a new gold standard on data protection rights for Europeans, outstanding issues on how they fits into a new EU-US Privacy Shield data-sharing pact remain.

The data package was also voted through after MEPs backed a controversial airline passenger data sharing agreement, which risks being challenged in front of the European Court of Justice in Luxembourg.

Lobbying

The importance of the new regulation was not lost on lobbyists who managed to force through numerous amendments in the bill during its stint at the European parliament.

MEPs tabled around 4,000 amendments. Some copy-pasted amendments made by giant US-based IT companies directly into the bill.

Among the most prolific was Belgian liberal Louis Michel, the father of Belgium's prime minister Charles Michel.

Michel had issued over 220 amendments, most of which undermined privacy rights in the bill.

The former EU commissioner, whose portfolio at the assembly deals primarily with Africa, later claimed he was unaware of the data amendments, then blamed his assistant whom he fired.

Joe McNamee, executive director of the Brussels-based European Digital Rights, said the lobbying campaign had removed "much of the ambition of the original data protection package".

Step up

Despite the wranglings, the regulation is still viewed as step up on protection rights and rules when compared to the old 1995 law, which it replaces.

People will now have the right transfer data to another service provider and the right to know if their data has been hacked. Data breaches will have to reported within 72 hours.

A right-to-be-forgotten provision allows people to ask their names to be removed from links in on line searches.

Firms that violate the rules can be fined up to 4 percent of the total global annual turnover or up to €20 million.

Complaints or possible violations will be handled by the data protection authority where the company has its headquarters.

The rules cover all businesses that handle data of EU citizens, even those not based in Europe.

The regulation enters into force over the summer at which point EU states will have two years to transpose it.

Police and surveillance

Centre-left Estonian MEP Marju Lauristin, who headed the file on the police directive, said her new legislation will also prohibit mass surveillance and lengthy, unjustified retention periods of data.

But last year France adopted a wide sweeping surveillance bill that allows authorities to monitor phone calls and emails without judicial approval and to install so-called black boxes internet service providers to hoover up data.

The UK and Sweden are also being challenged for similar moves in front of the European Court of Justice.

And the EU-US Privacy Shield was panned by EU data protection regulators earlier this week because it still allows US authorities broad discretion to bulk collect personal details.

MEPs set to back air-passenger data sharing

EU lawmakers are likely to pass the Passenger Name Records bill into law on Thursday despite outstanding questions on its costs, effectiveness and impact on civil liberties.

News in Brief

  1. France imposes new Covid-19 tests on visitors
  2. Brussels closes all mosques for Eid festival
  3. Amsterdam and Rotterdam tighten face mask measures
  4. UK tightens lockdown measures in north England
  5. EU banking watchdog warning on 26 banks
  6. 60,000 rally in Minsk ahead of Belarus election
  7. 'Better Regulation' is key for EU policy-making, auditors say
  8. Polish tribunal to examine EU gender-violence treaty

EUobserver under attack in wider battle for EU free press

If EU citizens want to know the truth, then journalists need protection from malicious litigation, as EUobserver joined the list of targets, over an article about the late Maltese journalist Daphne Caruana Galizia.

Stakeholders' Highlights

  1. UNESDANext generation Europe should be green and circular
  2. Nordic Council of MinistersNEW REPORT: Eight in ten people are concerned about climate change
  3. UNESDAHow reducing sugar and calories in soft drinks makes the healthier choice the easy choice
  4. Nordic Council of MinistersGreen energy to power Nordic start after Covid-19
  5. European Sustainable Energy WeekThis year’s EU Sustainable Energy Week (EUSEW) will be held digitally!
  6. Nordic Council of MinistersNordic states are fighting to protect gender equality during corona crisis

Latest News

  1. EU mishandling corona-travel, Belgian expert says
  2. France wants rule of law sanctions on recovery budget
  3. The three 'Elephants in Room' in EU-India relations
  4. First use of new EU sanctions against Russia, China hackers
  5. Six 'LGBTI-free' Polish cities left out of EU funding
  6. EU's new Security Union Strategy is a good first step
  7. US 'cavalry' leaving Germany to go back home
  8. Why is building renovation 'Cinderella' of EU Green Deal?

Join EUobserver

Support quality EU news

Join us