To link to this article, copy this persistent link:

(Mar 28, 2014) On March 12, 2014, the European Parliament voted on a first reading of a major reform of European Union legislation on personal data protection, which had been proposed by the European Commission in 2012. The proposal consists of two major legislative pieces:

a) a comprehensive Regulation that will replace the outdated 1995/43/EC Directive on the subject and result in uniform application of the rules on personal data; and

(b) a Directive on protecting personal data processed for the purposes of prevention, detection, investigation, or prosecution of criminal offenses and related judicial activities.

The draft Regulation was adopted by 621 votes, with 10 against and 22 absent. The draft Directive was approved by 371 MPs, with 276 voting against it and 30 absent. (Press Release, European Parliament, MEPs Tighten Up Rules to Protect Personal Data in the Digital Era (Mar. 12, 2014).) The new rules adopted by the Parliament focus on the following issues.

Data Transfers to Non-EU Countries

Due to surveillance activities conducted by the U.S. National Security Administration (NSA) on American citizens, which also encroached on the privacy and personal data of EU citizens, the Parliament paid particular attention to data transfers to non-EU countries. Under the proposal, any firm, including any cloud services provider, social network, or search engine, is required to obtain prior authorization from a national data protection authority in the EU before allowing access to an EU citizen's personal data. Another important requirement is that the firm must inform the person concerned whose data will be accessed. (Id.)


While the European Commission had proposed fines of the larger of either €1 million (about US$1.38 million) or 2% of the fined company's world-wide annual turnover, the Parliament recommended stiffer penalties, up to €100 million (about US$138 million), or up to 5% of the organization's annual world-wide turnover, whichever is larger. (Id.)


The Parliament's proposal also endorses the right of EU citizens to have their personal data deleted (the right to be forgotten) and imposes additional restrictions on "profiling" through such acts as using personal data to make predictions about a person's performance at work. Moreover, Internet service providers must use clear and unambiguous language to explain privacy policies and use of personal data. (Id.)

The proposal will next be voted on by the upcoming Parliament, which will be in place following elections in May 2014. (Id.)

Author: Theresa Papademetriou More by this author
Topic: Crime and law enforcement More on this topic
 Right of privacy More on this topic
Jurisdiction: European Union More about this jurisdiction

Search Legal News
Find legal news by topic, country, keyword, date, or author.

Global Legal Monitor RSS
Get the Global Legal Monitor delivered to your inbox. Sign up for RSS service.

The Global Legal Monitor is an online publication from the Law Library of Congress covering legal news and developments worldwide. It is updated frequently and draws on information from the Global Legal Information Network, official national legal publications, and reliable press sources. You can find previous news by searching the GLM.

Last updated: 03/28/2014