"Where there is no vision, the people perish: but he that keepeth the law, happy is he."
-- Proverbs 29:18, King James Bible (KJV)

Saturday, April 16, 2016

New European Union (EU) Data Protection Rules Governing Police Cooperation and Citizens' Digital Rights Passed by the European Parliament as the General Data Protection Regulation (GDPR)

We reproduce here a press release from the European Union Parliament on new rules regarding digital rights, the General Data Protection Regulation (GDPR)  ["REGULATION (EU) 2016/… OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL ... of ... on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)"]

European Parliament PLENARY SESSION Press Release of April 14, 2016
Police cooperation / Citizens' rights / Justice and home afairs

"Data protection reform - Parliament approves new rules fit for the digital era


New EU data protection rules which aim to give citizens back control of their personal data and create a high, uniform level of data protection across the EU fit for the digital era was ["were", sic] given their final approval by MEPs on Thursday. The reform also sets minimum standards on use of data for policing and judicial purposes.

Parliament’s vote ends more than four years of work on a complete overhaul of EU data protection rules. The reform will replace the current data protection directive, dating back to 1995 when the internet was still in its infancy, with a general regulation designed to give citizens more control over their own private information in a digitised world of smartphones, social media, internet banking and global transfers.

"The general data protection regulation makes a high, uniform level of data protection throughout the EU a reality. This is a great success for the European Parliament and a fierce European 'yes' to strong consumer rights and competition in the digital age. Citizens will be able to decide for themselves which personal information they want to share", said Jan Philipp Albrecht (Greens, DE), who steered the legislation through Parliament.

"The regulation will also create clarity for businesses by establishing a single law across the EU. The new law creates confidence, legal certainty and fairer competition", he added.

The new rules include provisions on:
  • a right to be forgotten,
  • "clear and affirmative consent" to the processing of private data by the person concerned,
  • a right to transfer your data to another service provider,
  • the right to know when your data has been hacked,
  • ensuring that privacy policies are explained in clear and understandable language, and
  • stronger enforcement and fines up to 4% of firms' total worldwide annual turnover, as a deterrent to breaking the rules.
New rules on data transfers to ensure smoother police cooperation

The data protection package also includes a directive on data transfers for policing and judicial purposes. It will apply to data transfers across borders within the EU as well as, for the first time, setting minimum standards for data processing for policing purposes within each member state.

The new rules aim to protect individuals, whether victims, criminals or witnesses, by setting out clear rights and limitations on data transfers for the purpose of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against and preventing threats to public security, while at the same time facilitating smoother and more effective cooperation among law enforcement authorities.

"The main problem concerning terrorist attacks and other transnational crimes is that member states’ law enforcement authorities are reluctant to exchange valuable information", said Parliament's lead MEP on the directive Marju Lauristin (S&D, ET)."By setting European standards for information exchange between law enforcement authorities, the data protection directive will become a powerful and useful tool which will help authorities transfer personal data easily and efficiently, at the same time respecting the fundamental right to privacy", she concluded.

More details on the general data protection regulation and the directive in our Q&A here.

Next steps

The regulation will enter into force 20 days after its publication in the EU Official Journal. Its provisions will be directly applicable in all member states two years after this date.

Member states will have two years to transpose the provisions of the directive into national law.

Due to UK and Ireland's special status regarding justice and home affairs legislation, the directive's provisions will only apply in these countries to a limited extent.

Denmark will be able to decide within six months after the final adoption of the directive whether it wants to implement it in its national law.

REF.: 20160407IPR21776
Updated: 14-04-2016 - 16:23"
[this is the snipped end of the press release and what follows is EU Pundit text]

Contact for the press release: Rikke Uldall at the European Parliament Press Service ... please go to this link: the EU original page of the press release.

The European Data Protection Supervisor (EDPS) has a posting about this new Directive at One giant leap for digital rights.

Crossposted at EUPundit.


New LawPundit RSS Feeds: Legal Tech - ABA Journal, European Union – EU Newsroom, Software Smartphones Tablets PCs - Foss Patents, U.S. Supreme Court - ABA, Out-Law News - Pinsent Masons (UK)

Google is dropping its newsreel gadget function from Blogger, so we have replaced it in the right column of LawPundit with the following RSS Feeds (showing that RSS is by no means an outdated technology):
  • Legal Technology - ABA Journal Daily News (USA)
  • European Union – EU Newsroom (EU)
  • Software, Smartphones, Tablets, PCs - Foss Patents (World)
  • U.S. Supreme Court - ABA Journal Daily News (USA)
  • Out-Law News - Pinsent Masons UK)
Click the links in the right column to get the newest news on those topics.