On January 25, 2012, Vice-President of the European Commission for Justice, Viviane Reding, officially presented the Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (the “Regulation”). The long awaited legislative proposal sets out new standards and requirements for the protection of personal data in the European Economic Area (“EEA”). Once adopted, the Regulation will replace the existing Data Protection Directive 95/46/EC and will directly apply not only to organizations established in the EU/EEA, but also to other organizations that collect and process EU/EEA residents’ personal data. The aim of the Regulation is to update the EU’s 15-year-old data protection framework, and to harmonize privacy laws across the Member States.

Upon its publication, the Regulation will be sent to the Council of the European Union (an institution representing each of the national governments) and the European Parliament (composed of representatives elected by EU citizens). These two institutions must agree on a final text before the Regulation can be adopted as law; changes to the text are therefore very likely.