EU Council sets out data protection considerations


Back to the overview
On 24 February, the European Union Council of Ministers adopted Conclusions on the Commission's plans to review the data protection framework as outlined in the Commission's Communication on "A comprehensive approach on personal data protection in the European Union".

In the Conclusions, the European Justice Ministers make the following key points:

- The EU data protection principles are still valid and must be respected in all future legislative acts - however, emerging business and technological developments require a thorough evaluation;
- The lack of proper harmonisation has led to a situation where the Data Protection Directive's objective of the free movement of data is not fully achieved;
- The impact of new technologies on the protection of personal data must be carefully examined, in particular with regard to the need to inform data subjects in simple language about the impact of new technologies on their privacy and to provide 'privacy by default' options;
- The Commission should explore the possibility of including a provision on 'privacy by design' and to promote privacy-enhancing technologies (PET);
- The special protection of sensitive personal data should remain a core element of the Commission proposal. In this context, the Council invites the Commission to assess whether the categories of sensitive data should be expanded
- Privacy seals (EU certification schemes) and self-regulatory initiatives involving close cooperation with industrial stakeholders should be explored, as they are "promising in ensuring a higher level of protection for individuals and in raising awareness". The role of data protection authorities in ensuring compliance in both instances should also be explored;
- EU standard privacy information notices should be considered by the Commission
- The Council is of the opinion that while prime responsibility and accountability for the protection of personal data must rest with the data controller (who benefits from the use of such data), there is also a major need to increase the data subject's awareness of the implications of sharing his personal data;
- The introduction of a right to be forgotten should be explored.

Unlike the Commission and the Parliament who regularly specify the online advertising industry, the Council stays away from identifying any particular industry sector that would be responsible for prompting a revision.

The Council also "Holds the view that special attention must be given to the issue of data protection within groups of companies as well as the processing of personal data in the context of employment relationships."

Finally, the Council gives a special attention to the protection of personal data in the context of Member States' police and judicial cooperation in criminal matters. Data collection and processing by third countries are also an area of concern.

Next steps: The European Commission is currently analysing the responses to the public consultation submitted by stakeholders and interested parties. The Commission is expected to publish a proposal by mid-2011. Meanwhile, the European Parliament is preparing an own-initiative report on the Commission's proposals to revise the EU Data Protection legal framework, tentatively scheduled for adoption in plenary in June 2011.

For more information please contact Malte Lohn

Sign up to monthly WFA news