“The European Commission has today proposed a comprehensive reform of the EU’s 1995 data protection rules to strengthen online privacy rights and boost Europe’s digital economy”, the EC announced today.
First of all, before analyzing the content of the reform, it’s important to underline that EC chose to draft a Regulation and not a Directive. Regulations have binding force for all the Member States and they don’t need implementation laws in the domestic systems! This means that once the Data Protection Regulation enters into force, it will enter into force in all the Member States and all the Member States will have identical data protection rules! Directives, on the other hand, were binding only regarding the purpose they provide, Member States being able to chose the way they wished to implement their provisions. This will not be the case for the new European data protection system.
Regarding the content of the reform, I am absolutely convinced that a lot of comments will be made in the forthcoming months. I did not have time to study it in detail, but I have seen that the much expected “right to be forgotten” is a part of the legislative proposal.
More precisely, Article 17 of the regulation provides the data subject’s right to be forgotten and to erasure. “It further elaborates and specifies the right of erasure provided for in Article 12(b) of Directive 95/46/EC and provides the conditions of the right to be forgotten, including the obligation of the controller which has made the personal data public to inform third parties on the data subject’s request to erase any links to, or copy or replication of that personal data. It also integrates the right to have the processing restricted in certain cases, avoiding the ambiguous terminology “blocking””, as shown in the document released today.
“Article 18 introduces the data subject’s right to data portability, i.e. to transfer data from one electronic processing system to and into another, without being prevented from doing so by the controller. As a precondition and in order to further improve access of individuals to their personal data, it provides the right to obtain from the controller those data in a structured and commonly used electronic format.”
I have also seen that most of the existing data subject’s rights were modified with the purpose of strengthening them.
I will return to the topic in the next days. Until then, here are some very useful links:
The text of the Regulation
The Impact Assessment of the Reform
How will EU’s data protection reform make international cooperation easier?