The European Commission has proposed a review of the 1995 Data Protection Directive in a bid to keep up with fast paced technological development in the digital world. The Commission hopes new rules will strengthen online privacy, cut down burdensome administrative costs and reinforce consumer trust online. The Commission’s proposals will be passed to European Parliament and EU Member States for discussion and would take effect two years from adoption. Key projected changes are for:
– A single set of rules on data protection which will be valid across the EU and a single national data protection authority in each EU country;
– Less heavy administrative duties such as notification requirements for data controllers;
– A shift towards increased responsibility and accountability for data processors, for example introducing an obligation on organisations to notify a national supervisory authority of serious data breaches within 24 hours;
– Consent for data processing to be required explicitly, rather than on the basis of an assumption;
– Easier access for individuals to their own personal data and simplifying the ability to delete data (the ‘right to be forgotten’); and
– Empowerment of national data protection authorities to administer fines for breach of EU data protection rules.