EU: Revision of the EU Data Protection Directive - the fog is lifting

The time for presenting the draft of the revised EU Data Protection Directive is getting closer. In her speech on the subject of data protection reform and social media on November 29, 2011 Viviane Reding gave us an insight into the possible future structures of the revised Directive.

The following two main objectives of the reform have been recognized for quite some time. Data subjects should be given greater control over their own data, and data protection law in the member states should be standardized in order to create a level playing field for organizations throughout Europe. In her speech Mrs. Reding set out how these objectives might be achieved. Corporations are likely to be particularly interested in the revelation that there is a willingness to re-think old habits. One example of this is that there will no longer be a general obligation to register data protection processes with the supervisory authorities.

And corporations that operate throughout Europe and have branches in a variety of different countries should also sit up and pay attention. Mrs. Reding revealed a willingness to reduce the administrative burden that these corporations face simply because they are subject to a wide range of regulations and have to deal with various different supervisory authorities. In the future these corporations shall be subject to just one set of regulations and shall face supervision by just one central authority.

Another area getting a re-think is the method by which data is conveyed. Mrs. Reding is focusing here on Binding Corporate Rules which, in the revised procedure, should facilitate faster and less expensive approval.

The advantages provided by the new regulations are counter-balanced by some new duties which corporations have to accept. In particular, the transparency of data processing is to be augmented. In order to improve transparency there is to be, amongst other things, a general obligation to report instances where third parties acquire unauthorized access to personal data - in short, data breaches - and this will form part of the new regulations.

Up to this point speeches and announcements have principally focused on objectives; with this speech, however, we are beginning to see some of the possible structures of the forthcoming Data Protection Directive. There is a strong likelihood that the structures referred to will be included in the draft, given that the draft is due to be published at the beginning of 2012; this rather suggests that key regulations and corner stones must have been agreed already. Corporations that operate throughout Europe should pay particular attention and can look forward to a significant reduction in the administrative burdens caused by registration requirements. However, the jury is still out when it comes the effects that will be felt in reality when the branches of individual corporations come to deal with possible foreign legislation and foreign languages.

Further information:

europa.eu/rapid/pressReleasesAction.do