Skip to content. | Skip to navigation

Personal tools
You are here: Home topics Data protection in the EU
Document Actions

Data protection in the EU

Under EU law, personal data can only be gathered legally under strict conditions, for a legitimate purpose. Persons or organisations which collect and manage your personal information must protect it from misuse and must respect certain rights of the data owners which are guaranteed by EU law. Common EU rules have been established to ensure that people's personal data enjoys a high standard of protection everywhere in the EU. You have the right to complain and obtain redress if your data is misused anywhere within the EU. The EU's Data Protection Directive also foresees specific rules for the transfer of personal data outside the EU to ensure the best possible protection of your data when it is exported abroad.

EU set to strengthen data protection rules
The EU is set to give the final nod to a legislative package on reform of its data protection rules, following first reading adoption by the Council.

EU-U.S. Privacy Shield legal texts
The European Commission issued on 29 February the legal texts that will put in place the EU-U.S. Privacy Shield as well as a Communication summarising action taken to restore trust in transatlantic data flows since the 2013 surveillance revelations.

EU-US Privacy Shield
The European Commission and the United States agreed on 3 February a new framework for transatlantic data flows: the EU-US Privacy Shield.

EU data protection reform to boost the Digital Single Market
The European Commission, Parliament and Council agreed in final negotiations between the three institutions on 15 December EU Data Protection Reform first put forward by the Commission in 2012, with the aim of making Europe 'fit for the digital age'.

EU-US data protection "Umbrella agreement"
The EU has finalised negotiations with the United States on high data protection standards for transatlantic law enforcement cooperation. The finalisation of the Umbrella Agreement negotiations is seen as an important step to strengthen the fundamental right to privacy effectively and to rebuild trust in EU-US data flows.

Stronger data protection rules for Europe
Ministers in the Justice Council sealed on 15 June a general approach on a European Commission proposal on the Data Protection Regulation. Modern, harmonised data protection rules will contribute to making Europe fit for the digital age and are a step forward to the EU Digital Single Market. Trilogue negotiations with the Parliament and the Council will start in June; the shared ambition is to reach a final agreement by the end of 2015.

Guidelines on the re-use of public sector information
The European Commission published on 17 July guidelines to help EU Member States benefit from the revised Directive on the re-use of public sector information (PSI Directive). These guidelines explain for example how to give access to weather data, traffic data, property asset data and maps. Open data can be used as the basis for innovative value-added services and products, such as mobile apps, which encourage investment in data-driven sectors.

Data-Driven Economy
With data collection and exploitation on the increase, the European Commission has responded to industry and grass-roots demands by calling on national governments to wake-up to this “big data” revolution.

The Data Retention Directive
The Data Retention Directive was adopted in the aftermath of the terrorist attacks in Madrid in 2004 and London in 2005 as there was a sense of urgency to harmonise the European efforts to investigate and prosecute the most serious crimes.

Restoring Trust in EU-US data flows
The European Commission has set out actions to be taken in order to restore trust in data flows between the EU and the U.S., following deep concerns about revelations of large-scale U.S. intelligence collection programmes, which have had a negative impact on the transatlantic relationship.

EU-US agreement on the transfer of Passenger Name Record (PNR) data
In 2011 the EU and the US agreed on a new PNR Agreement regulating the transfer of Passenger Name Record (PNR) by air carriers to the US. This agreement entered into force on 1 July 2012, replacing the previous one from 2007. It provides for a first joint review one year after its entry into force and regularly thereafter.

Data protection rules: backing from European Parliament Industry committee
The European Parliament’s Industry, Research and Energy Committee (ITRE) has given its backing to Commission proposals to reform the EU’s data protection rules which date back to 1995. The vote on the Committee’s opinion, drafted by Member of the European Parliament Seán Kelly, is the latest step towards a swift adoption of the proposed legislation. The Committee’s opinion – which covers the draft general Data Protection Regulation – will now be submitted to the Civil Liberties, Justice and Home Affairs Committee (LIBE), which will consolidate all the amendments submitted so far and vote on its own report at the end of April.

EU Directive 2002/58 on Privacy and Electronic Communications
Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications)

Data protection reform - guide
The European Commission has today proposed a comprehensive reform of the EU's 1995 data protection rules to strengthen online privacy rights and boost Europe's digital economy. Technological progress and globalisation have profoundly changed the way our data is collected, accessed and used. In addition, the 27 EU Member States have implemented the 1995 rules differently, resulting in divergences in enforcement. A single law will do away with the current fragmentation and costly administrative burdens, leading to savings for businesses of around €2.3 billion a year. The initiative will help reinforce consumer confidence in online services, providing a much needed boost to growth, jobs and innovation in Europe.

New EU-US agreement on the transfer of Passenger Name Record (PNR) data - guide
The European Commission has initialled an agreement with the US that, if endorsed by the Council and the European Parliament, would replace the existing agreement from 2007 that currently regulates the transfer of Passenger Name Record (PNR) by air carriers to the US. The request to re-negotiate the existing PNR Agreement came from the European Parliament as part of its new role in the post-Lisbon era, and Commissioner Malmström started negotiations in December 2010 after receiving negotiating authorisation from the Council. The new text represents a substantial improvement over the existing 2007 Agreement and Commissioner Malmstrom intends to ask the green light of the Council and the European Parliament to sign it soon.

Attitudes on Data Protection and Electronic Identity in the European Union - Special Eurobarometer survey 359
Three out of four Europeans accept that revealing personal data is part of everyday life, but they are also worried about how companies – including search engines and social networks – use their information. These are the main conclusions of a new Eurobarometer survey on attitudes towards data protection and electronic identity, released by the European Commission today. The report reveals that 62% of people in the European Union give the minimum required information so as to protect their identity, while 75% want to be able to delete personal information online whenever they want to – the so-called right to be forgotten. There is also strong support for EU action: 90% want to have the same data protection rights across Europe.

Evaluation report of the Data Retention Directive
Data concerning telecommunications traffic through telephone networks and through the internet is, to some extent, retained (stored) by telecommunication service providers for their own commercial purposes (e.g., for billing purposes). The Data Retention Directive seeks to harmonise certain aspects of national rules on such storage. It requires telecommunication service providers to store traffic and location data regarding fixed and mobile telephony, internet access, email and telephony, for a period of at least six months (and no more than two years), and to make it available on request to law enforcement authorities for the purpose of investigation, detection and prosecution of serious crime and terrorism.

EU proposal for passenger data to fight serious crime and terrorism - guide
The European Commission has presented a proposal for an EU Passenger Name Record (PNR) Directive to fight serious crime and terrorism. The proposal obliges air carriers to provide EU Member States with data on passengers entering or departing from the EU, whilst guaranteeing a high level of protection of privacy and personal data.

A comprehensive approach on personal data protection in the European Union - EU Communication COM(2010)609/3
On 4 November 2010 the European Commission adopted a strategic Communication on a comprehensive strategy on data protection in the European Union (COM(2010)609/3), highlighting its main ideas and key objectives on how to revise the current rules on data protection.

Consultation on the legal framework for the fundamental right to protection of personal data
The aim of the public consultation on the Consultation on the Commission's comprehensive approach on personal data protection in the European Union is to obtain views on the Commission's ideas - as highlighted in the Communication attached to this consultation - on how to address the new challenges for personal data protection (e.g., fast developing technologies, globalisation) in order to ensure an effective and comprehensive protection to individual’s personal data within the EU. The period of consultation is from 4 November 2010 to 15 January 2011.

EU data protection rules reform - guide
What happens to your personal data when you board a plane, open a bank account, or share photos online? How is this data used and by whom? How do you permanently delete profile information on social networking websites? Can you transfer your contacts and photos to another service? Controlling your information, having access to your data, being able to modify or delete it – these are essential rights that have to be guaranteed in today's digital world. To address these issues, the European Commission sets out a strategy on how to protect individuals' data in all policy areas, including law enforcement, while reducing red tape for business and guaranteeing the free circulation of data within the EU. This policy review will be used by the Commission with the results of a public consultation to revise the EU’s 1995 Data Protection Directive. The Commission will then propose legislation in 2011.

EU external strategy on Passenger Name Record (PNR) - guide
The European Commission has adopted a package of proposals on the exchange of Passenger Name Record (PNR) data with third countries, consisting of an EU external PNR strategy and recommendations for negotiating directives for new PNR agreements with the United States, Australia and Canada.

EC tells UK to comply with EU data protection rules
The powers of Britain's data protection authority need to be strengthened if they are to comply with the EU's Data Protection Directive, the European Commission said today.

EU-US Open Skies: MEPs call for open markets
The European Parliament regrets continuing US restrictions on EU companies' ownership of stakes in US airlines, calls for better protection of air passengers' personal data, and says airlines from both sides should be included in emission trading rules, in a resolution passed on Thursday.

EU warns Finland on personal tax data
The European Commission today warned Finland that its data protection law may be breaking EU rules. Finnish taxpayers’ personal data is available to the public and is being collected by businesses for sale as special publications, CDs and text messages.