EU Parliament Approves Legislation for Data-Protection Reform


On March 12, 2014, the European Parliament approved a data-protection reform bill that would, among other things, increase the maximum fine for violating the EU's data-protection laws to €100 million or 5 percent of the violator's global annual turnover. The new reform is part of an effort to replace the existing and outdated EU Data Protection Directive, adopted in 1995, with the more modern and currently pending General Data Protection Regulation (GDPR).

While the GPDR is still subject to negotiations between the EU Council, the European Parliament and the European Commission, companies should take note of some significant changes that will occur if the GDPR becomes law. For example, prior to releasing an EU citizen's personal information to another country, a search engine, social-networking site or cloud-storage provider must obtain permission from a national data-protection authority in the EU and notify the individual who is the subject of the request.

Other important reform measures include —

  • Requiring companies to erase an individual's data upon his or her request;
  • Compelling companies to notify authorities of a data breach within 72 hours or as soon as it is feasible to do so;
  • Setting limits on a company’s ability to profile users of its services; and
  • Requiring Internet service providers to obtain an individual's explicit consent prior to processing his or her personal information.

A few aspects of the GDPR are still hotly contested among EU lawmakers. For example, Parliament is asking for much harsher fines in its draft of the GDPR than the €1 million or 2 percent of global annual turnover that the European Commission is seeking in its version. In addition, the EU Council has also failed to commit to a "one-stop shop" provision that would permit multinational companies to deal with a single EU Data Protection Authority.

In order for the GDPR to become law, three government bodies of the EU must formally adopt it: (1) the European Parliament; (2) the European Commission; and (3) the EU Member State representatives that make up the EU Council. Assuming the GDPR does not get bogged down in negotiations, lawmakers believe they will be able to agree on a final draft of the law before the end of the year.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thomson Reuters Compliance Learning | Attorney Advertising

Written by:


Thomson Reuters Compliance Learning on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.