Skip to content. | Skip to navigation

Personal tools
Sections
You are here: Home topics Data protection in the EU
Document Actions

Data protection in the EU

Under EU law, personal data can only be gathered legally under strict conditions, for a legitimate purpose. Persons or organisations which collect and manage your personal information must protect it from misuse and must respect certain rights of the data owners which are guaranteed by EU law. Common EU rules have been established to ensure that people's personal data enjoys a high standard of protection everywhere in the EU. You have the right to complain and obtain redress if your data is misused anywhere within the EU. The EU's Data Protection Directive also foresees specific rules for the transfer of personal data outside the EU to ensure the best possible protection of your data when it is exported abroad.

Data-Driven Economy
With data collection and exploitation on the increase, the European Commission has responded to industry and grass-roots demands by calling on national governments to wake-up to this “big data” revolution.

The Data Retention Directive
The Data Retention Directive was adopted in the aftermath of the terrorist attacks in Madrid in 2004 and London in 2005 as there was a sense of urgency to harmonise the European efforts to investigate and prosecute the most serious crimes.

Restoring Trust in EU-US data flows
The European Commission has set out actions to be taken in order to restore trust in data flows between the EU and the U.S., following deep concerns about revelations of large-scale U.S. intelligence collection programmes, which have had a negative impact on the transatlantic relationship.

EU-US agreement on the transfer of Passenger Name Record (PNR) data
In 2011 the EU and the US agreed on a new PNR Agreement regulating the transfer of Passenger Name Record (PNR) by air carriers to the US. This agreement entered into force on 1 July 2012, replacing the previous one from 2007. It provides for a first joint review one year after its entry into force and regularly thereafter.

Data protection rules: backing from European Parliament Industry committee
The European Parliament’s Industry, Research and Energy Committee (ITRE) has given its backing to Commission proposals to reform the EU’s data protection rules which date back to 1995. The vote on the Committee’s opinion, drafted by Member of the European Parliament Seán Kelly, is the latest step towards a swift adoption of the proposed legislation. The Committee’s opinion – which covers the draft general Data Protection Regulation – will now be submitted to the Civil Liberties, Justice and Home Affairs Committee (LIBE), which will consolidate all the amendments submitted so far and vote on its own report at the end of April.

EU Directive 2002/58 on Privacy and Electronic Communications
Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications)

Data protection reform - guide
The European Commission has today proposed a comprehensive reform of the EU's 1995 data protection rules to strengthen online privacy rights and boost Europe's digital economy. Technological progress and globalisation have profoundly changed the way our data is collected, accessed and used. In addition, the 27 EU Member States have implemented the 1995 rules differently, resulting in divergences in enforcement. A single law will do away with the current fragmentation and costly administrative burdens, leading to savings for businesses of around €2.3 billion a year. The initiative will help reinforce consumer confidence in online services, providing a much needed boost to growth, jobs and innovation in Europe.

New EU-US agreement on the transfer of Passenger Name Record (PNR) data - guide
The European Commission has initialled an agreement with the US that, if endorsed by the Council and the European Parliament, would replace the existing agreement from 2007 that currently regulates the transfer of Passenger Name Record (PNR) by air carriers to the US. The request to re-negotiate the existing PNR Agreement came from the European Parliament as part of its new role in the post-Lisbon era, and Commissioner Malmström started negotiations in December 2010 after receiving negotiating authorisation from the Council. The new text represents a substantial improvement over the existing 2007 Agreement and Commissioner Malmstrom intends to ask the green light of the Council and the European Parliament to sign it soon.

Attitudes on Data Protection and Electronic Identity in the European Union - Special Eurobarometer survey 359
Three out of four Europeans accept that revealing personal data is part of everyday life, but they are also worried about how companies – including search engines and social networks – use their information. These are the main conclusions of a new Eurobarometer survey on attitudes towards data protection and electronic identity, released by the European Commission today. The report reveals that 62% of people in the European Union give the minimum required information so as to protect their identity, while 75% want to be able to delete personal information online whenever they want to – the so-called right to be forgotten. There is also strong support for EU action: 90% want to have the same data protection rights across Europe.

Evaluation report of the Data Retention Directive
Data concerning telecommunications traffic through telephone networks and through the internet is, to some extent, retained (stored) by telecommunication service providers for their own commercial purposes (e.g., for billing purposes). The Data Retention Directive seeks to harmonise certain aspects of national rules on such storage. It requires telecommunication service providers to store traffic and location data regarding fixed and mobile telephony, internet access, email and telephony, for a period of at least six months (and no more than two years), and to make it available on request to law enforcement authorities for the purpose of investigation, detection and prosecution of serious crime and terrorism.

EU proposal for passenger data to fight serious crime and terrorism - guide
The European Commission has presented a proposal for an EU Passenger Name Record (PNR) Directive to fight serious crime and terrorism. The proposal obliges air carriers to provide EU Member States with data on passengers entering or departing from the EU, whilst guaranteeing a high level of protection of privacy and personal data.

A comprehensive approach on personal data protection in the European Union - EU Communication COM(2010)609/3
On 4 November 2010 the European Commission adopted a strategic Communication on a comprehensive strategy on data protection in the European Union (COM(2010)609/3), highlighting its main ideas and key objectives on how to revise the current rules on data protection.

Consultation on the legal framework for the fundamental right to protection of personal data
The aim of the public consultation on the Consultation on the Commission's comprehensive approach on personal data protection in the European Union is to obtain views on the Commission's ideas - as highlighted in the Communication attached to this consultation - on how to address the new challenges for personal data protection (e.g., fast developing technologies, globalisation) in order to ensure an effective and comprehensive protection to individual’s personal data within the EU. The period of consultation is from 4 November 2010 to 15 January 2011.

EU data protection rules reform - guide
What happens to your personal data when you board a plane, open a bank account, or share photos online? How is this data used and by whom? How do you permanently delete profile information on social networking websites? Can you transfer your contacts and photos to another service? Controlling your information, having access to your data, being able to modify or delete it – these are essential rights that have to be guaranteed in today's digital world. To address these issues, the European Commission sets out a strategy on how to protect individuals' data in all policy areas, including law enforcement, while reducing red tape for business and guaranteeing the free circulation of data within the EU. This policy review will be used by the Commission with the results of a public consultation to revise the EU’s 1995 Data Protection Directive. The Commission will then propose legislation in 2011.

EU external strategy on Passenger Name Record (PNR) - guide
The European Commission has adopted a package of proposals on the exchange of Passenger Name Record (PNR) data with third countries, consisting of an EU external PNR strategy and recommendations for negotiating directives for new PNR agreements with the United States, Australia and Canada.

EC tells UK to comply with EU data protection rules
The powers of Britain's data protection authority need to be strengthened if they are to comply with the EU's Data Protection Directive, the European Commission said today.

EU-US Open Skies: MEPs call for open markets
The European Parliament regrets continuing US restrictions on EU companies' ownership of stakes in US airlines, calls for better protection of air passengers' personal data, and says airlines from both sides should be included in emission trading rules, in a resolution passed on Thursday.

EU warns Finland on personal tax data
The European Commission today warned Finland that its data protection law may be breaking EU rules. Finnish taxpayers’ personal data is available to the public and is being collected by businesses for sale as special publications, CDs and text messages.

EU seeks high privacy standards in EU-US data protection agreement
The European Commission has adopted a draft mandate to negotiate a personal data protection agreement between the European Union and the United States when cooperating to fight terrorism or crime. The agreement would give citizens more rights to manage their data.

EU-US data protection agreement negotiations - briefing
The European Commission today adopted a draft mandate to negotiate a personal data protection agreement between the European Union and the United States when cooperating to fight terrorism or crime. The aim is to ensure a high level of protection of personal information like passenger data or financial information that is transferred as part of transatlantic cooperation in criminal matters. The agreement would enhance the right of citizens to access, rectify or delete data, where appropriate.

"Bulk data" transfers to the US against EU law, warn MEPs
Euro-MPs warned today that any new agreement on providing bank data to the United States must avoid "bulk data" transfers until they can be processed within the EU.

Data Protection: A Practical Guide to UK and EU Law
Now in its third edition, this invaluable handbook offers practical solutions to issues arising in relation to data protection law. It is fully updated and expanded to include coverage of all of the significant developments in the practice of data protection, and takes account of the wealth of guidance published by the UK's Information Commissioner since the last edition. The third edition includes new material on the changes to the Commissioner's powers and new guidance from the Commissioner's office, coverage of new cases on peripheral aspects of data protection compliance and examples of enforcement, the new code on CCTV processing, the new employment code, clarification on the definition of "personal data", the binding corporate rules on the exemption to the export data ban and the new ICT set of model contractual provisions for data exports, and the proposed action by the EU against the UK for failing to implement the Data Protection Directive appropriately. There are new chapters on terminology and data security.

New EU-US negotiations on bank data transfers on the cards
The Commission today adopted a draft mandate for negotiating bank data transfers with the United States government under the Terrorist Financing Tracking Programme (TFTP). The Commission wants to complete an agreement this summer to limit gaps in security.

Data Protection in the EU
A full guide on The European Directive on Data Protection.

Data protection in the electronic communications sector
New technologies, and in particular the Internet and electronic messaging services, call for specific requirements to ensure that users have a right to privacy. This EU Directive contains provisions that are crucial to ensuring that users can trust the services and technologies they use for communicating electronically. The main provisions apply to spam, ensuring the user's prior consent ("opt-in"), and the installation of cookies.