On November 4, 2010, the European Commission released a proposal for "a comprehensive approach on personal data protection in the European Union" (the "Proposal") which would modify current Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 ("Directive 95/46"). The Commission’s Proposal sought to modernize the EU legal system for the protection of personal data, and carried with it a mandate to present legislative proposals in 2011. The Proposal was shared with interested parties and debated throughout the first-half of 2011.The language of the Proposal, as well as the outcomes of those subsequent debates, highlighted the EU’s concerns about the current practice of data privacy in a variety of arenas, including international business.

While the most direct effects of the Proposal would fall on the operation of the European Union’s Member States, some of the Proposal’s language and subsequent debate necessarily impacts multinational corporations, including those based in the United States. The most significant areas touched upon include: Member State Autonomy in the Evaluation of Safe Data Practices; Sensitive Data stored in Cloud Computing Systems; Information shared on U.S.-based Social Networks; and the Philosophy of EU Privacy and European Personal Data. This article explores the historical (and current) operation of Directive 95/46, and examines the impact that this new Proposal might have on U.S. multinational corporations, both from the Proposal’s written language and the political discussions which surround it.