The protection of personal data online has always been a major concern for citizens across the European Union member states, to the extent that over nine in ten (91%) Europeans asked for the creation of a Digital Single Market, something which would tear down regulatory walls across member states by putting aside the existing fragmented patchwork of 28 markets.
The current EU legislation – introduced in 1995 – has failed to cool the negative perceptions that people surfing the internet usually reveal more than they think they do, with only a minority of Europeans (15%) feeling they have complete control over the information they share online. In the UK, people are slightly more likely to think that they have a stronger control over their data (18%), but the results from the last Data Protection Eurobarometer suggest that Europeans’ trust and confidence in data protection are still affected by legal fragmentation and the lack of effective common standards.
Although the 1995 Data Protection Directive guarantees the defence of the fundamental right to data protection overall, EU legislation has so far produced inconsistencies across the European Union due to the different ways each member state has nationally implemented the aforementioned Directive.
In an attempt to overcome this legal fragmentation, the European Parliament, The European Council and the European Commission reached an agreement in December 2015 on a new EU Data Protection Reform which hopes to make Europe fit for the digital age by strengthening citizen’s fundamental rights and simplifying rules for companies in the Digital Single Market.
But what will change under the new legislation? What are the benefits for citizens and business? And when will the new legal framework come into force?
From the point of view of citizens, the new EU legislation provides people tools for gaining further control on their personal information. Indeed, with the regulation demanding data users to provide a clear and understandable description of the way they use and process data, individuals will have an easier access to their information. Moreover, a so called ‘right to data portability’ will be introduced, enabling European citizens to transmit personal data between service providers. Not only this, but there are big steps towards a more complete privacy protection that will assure the individual the ‘right to be forgotten’, that is to say that when Europeans no longer want their data to be processed, the data will be deleted.
To further protect individuals, under the new regulation companies and organisations will have to notify to the national supervisory authority of any data breaches that might occur to their database and communicate the risks immediately to the data subjects. Furthermore, data protection authorities will also be able to fine companies who do not comply with the new legislation by up to four per cent of their global annual turnover.
From the point of view of businesses, the new EU legislation hopes to finally put aside the current fragmentation and costly administrative weights, allowing companies to save around 2.3 billion a year collectively. How would the new legislation help creating business opportunities? By creating a single European market for data, companies would have to comply with one single supervisory authority, making life simpler and cheaper for firms. Not only this, but by ensuring legal certainty for businesses and with the new right of data portability, individuals will be able to move their personal data from one service provider to another. This change should greatly help start-ups and smaller companies to access a market so far dominated by tech giants.
With the value of European’s personal data destined to grow to nearly trillion annually by 2020, it is now clear that the European Union can not wait any longer to create a single data market fit for the digital age. By encouraging innovation and a proper, sustainable and respectful use of big data, the new regulation will have enormous impact on the EU economic growth. Despite the important step towards the creation of a pan-european data market, there’s still a long way to go, and, more specifically, to wait. Indeed, only once the regulation has been formally adopted by the European Parliament and the European Council will it be published in the Official Journal of the EU. Once this step has been ticked off, the new rules will become applicable two years thereafter.
Special Eurobarometer 431, Data protection – European Commission
Simone Grassi, Bristol Is Open