In November 2010, the European Commission released a communication document setting out its comprehensive approach to personal data protection in the EU, including its plans for modernisation in light of rapid technological developments. In particular, the Commission noted the challenges and problems that have been caused by the use of social networking sites, geo-location services (like Google’s Latitude service) and cloud computing – which can involve the loss of an individual’s control of their potentially sensitive information.
The Commission plans to propose legislation in 2011 revising the legal framework for data protection. The Commission has acknowledged the need for a more unified, consistent approach to data protection regulation across member states. The current necessity of complying with multiple national regimes has caused significant costs to multi-national companies.
The Commission set out five key objectives, which will be issues to watch in 2011.
• Strengthening individuals’ rights – the Commission highlighted the need for transparency in processing and areas where additional measures may be required to deal with developing technology for example, location data and ‘data mining’ technologies. It will consider whether it is necessary to strengthen existing sanctions.
• Enhancing the internal market dimension – The Commission will examine means to achieve further harmonisation of data protection rules at EU level through the revision and clarification of existing laws to provide the same degree of protection, irrespective of geographic location.
• Revising the data protection rules in the area of police and judicial cooperation in criminal matters – the Commission will consider the extension of the application of general data protection rules to the areas of police and judicial cooperation in criminal matters (including for processing at a domestic level) and for harmonised limitation to certain data protection rights of individuals.
• The global dimension of data protection – the Commission plans to improve and streamline the current procedures for international data transfers to ensure a more uniform EU approach to transfers to third countries and clarify the Commission’s adequacy procedures.
• A stronger institutional arrangement for better enforcement of data protection rules – The Commission will examine how to strengthen, clarify and harmonise the powers of the national data protection authorities. It will also consider how to ensure a more consistent application of EU data protection rules across the internal market.