Some really interesting things are happening in the EU when it comes to revolutionising the EU Directive on Data Protection, and thanks go to the Panoticon blog for the summary.
The Memo from the European Commission, which has been approved, sets out the following reforms that will make doing business simpler for EU companies, and they are significant! So here come the 4 pillars of reform, or at least a summary of them. If you want to read the full Monty, go here.
Pillar One: One continent one law…
The European Parliament agrees that the new data protection law for the private and public sector should be a Regulation, and no longer a Directive. The Regulation will establish a single, pan-European law for data protection, replacing the current inconsistent patchwork of national laws. Companies will deal with one law, not 28.
Pillar Two: Non-European companies will have to stick to European data protection law if they operate on the European market.
What this means is that non-European companies will have to apply the same rules as their European counterparts. European regulators will be equipped with strong powers to enforce this.
Pillar Three: The Right to be Forgotten / The Right to Erasure
The right to be forgotten builds on already existing rules to better cope with data protection risks online. If an individual no longer wants his or her personal data to be processed or stored by a data controller, and if there is no legitimate reason for keeping it, the data should be removed from their system.
The right to be forgotten is not an absolute right. For example, there are cases where there is a legitimate reason to keep data in a database, e.g. archives of newspapers. In addition, the right to be forgotten includes an explicit provision that ensures it does not encroach on the freedom of expression and information.
Pillar Four: A “One-stop-shop” for businesses and citizens
The Regulation will establish a ‘one-stop-shop’ for businesses. What this means is that companies established and operating in several Member States will only have to deal with a single national data protection authority, not 28, making it simpler and cheaper for companies to do business in the EU.