Data protection in the EU

Under EU law, personal data can only be gathered legally under strict conditions, for a legitimate purpose. Persons or organisations which collect and manage your personal information must protect it from misuse and must respect certain rights of the data owners which are guaranteed by EU law. Common EU rules have been established to ensure that people's personal data enjoys a high standard of protection everywhere in the EU. You have the right to complain and obtain redress if your data is misused anywhere within the EU. The EU's Data Protection Directive also foresees specific rules for the transfer of personal data outside the EU to ensure the best possible protection of your data when it is exported abroad.

EU states must be ready for new data protection rules, says Brussels — 25 January 2018, 23:01 CET

With new EU data protection rules set to come into force on 25 May, the European Commission has published guidance to help Member States prepare for the changes and provide support to businesses.

2018 reform of EU data protection rules — 21 May 2018, 18:43 CET

Stronger rules on data protection mean people have more control over their personal data and businesses benefit from a level playing field.

General Data Protection Regulation - background guide — 21 May 2018, 18:50 CET

The data protection reform package which entered into force in May 2016 and will be applicable as of May 2018 includes the General Data Protection Regulation ("Regulation") and the Data Protection Directive for the police and criminal justice sector.

Talks set to remove barriers to free flow of data in Europe — 20 December 2017, 23:07 CET

A draft proposal to allow non-personal data to move freely across borders, removing unjustified restrictions on the geographical location for storing and processing data, was agreed Wednesday by EU states.

Restrictions to Cross-Border Data Flows: a Taxonomy — 28 November 2017, 14:16 CET

Strict privacy regimes, requests to use local data centres and outright bans to transfer data abroad are a few examples of policies imposed recently that restrict data from crossing national or regional borders. This paper is the first one to propose a comprehensive taxonomy of these restrictions, which has a bearing on international trade law. Restrictions on cross-border data flows may affect countries’ legal commitments under various trade agreements, including the General Agreement on Trade in Services (GATS). This taxonomy can be the basis of further legal and economic research to assess the legitimacy and necessity of these under international trade law.

Privacy activist can sue Facebook, but no class action: EU Court — 15 November 2017, 22:54 CET

Austrian privacy activist Maximilian Schrems can sue Facebook Ireland before the Austrian Courts with respect to the private use of his Facebook account, an EU Court advisor said Wednesday.

EU-US Privacy Shield review finds room for improvement — 18 October 2017, 21:03 CET

The EU- U.S. Privacy Shield is doing a good job in protecting the personal EU personal data but there is some room for improving its implementation, the Commission says in its first annual review.

Annual Review of the EU-U.S. Privacy Shield — 18 October 2017, 20:38 CET

The European Commission published on 18 October its first annual report on the functioning of the EU- U.S. Privacy Shield, the aim of which is to protect the personal data of anyone in the EU transferred to companies in the U.S. for commercial purposes.

EU targets end to data localisation — 21 September 2017, 00:25 CET

The EU Commission proposed a framework for the free flow of non-personal data Tuesday, highlighting the removal of data localisation restrictions as key to unlocking the potential of Europe's data economy.

Data protection reform package — 24 May 2017, 15:35 CET

The EU data protection reform package entered into force in May 2016 and will be applicable as of May 2018. It includes the General Data Protection Regulation ("Regulation") and the Data Protection Directive for the police and criminal justice sector.

Euro-MPs address new online privacy rules — 19 April 2017, 15:51 CET

A European Parliament committee is working on new privacy rules which would take account of new practices such as internet-based messaging and allow users better control of their privacy settings.

Exchanging and Protecting Personal Data in a Globalised World — 12 January 2017, 23:17 CET

The European Commission is proposing new legislation to ensure stronger privacy in electronic communications, while opening up new business opportunities.

Skype, WhatsApp face tighter EU e-Privacy laws — 12 January 2017, 19:15 CET

Services such as Skype and WhatsApp would need to respect similar e-Privacy rules to those for traditional phone and text messaging services under plans to update EU data privacy rules unveiled Tuesday.

Euro-MPs greenlight EU-US data protection agreement — 01 December 2016, 15:16 CET

The European Parliament gave the green light Thursday to the EU-US 'Umbrella Agreement' on the protection of personal data exchanged across the Atlantic for the purposes of law enforcement.

EU-U.S. Data Protection "Umbrella Agreement" - questions & answers — 01 December 2016, 14:46 CET

The EU-US data protection "Umbrella Agreement", given the green light by the European Parliament on 1 December, puts in place a comprehensive high-level data protection framework for EU-US law enforcement cooperation.

Websites can store IP Addresses, rules EU Court — 20 October 2016, 18:41 CET

A website operator can store certain personal data relating to visitors of the site if it helps to identify the visitor and also to protect itself against cyber attacks, the EU's top court ruled on Thursday.

EU - U.S. Privacy Shield goes operational — 04 August 2016, 23:41 CET

From 1 August, companies can sign up to the Privacy Shield with the U.S. Department of Commerce who can verify their privacy policies comply with data protection standards required by the EU-U.S. agreement signed 12 July.

EU-US data transfer accord enters into force — 13 July 2016, 00:31 CET

The European Union approved Tuesday the EU-U.S. Privacy Shield, a special arrangement that replaces the former 'Safe Harbor' agreement to allow transfer of personal data from the EU to the United States.

EU Data Protection Regulation: Where do businesses need to take action now? — 01 July 2016, 00:20 CET

After a protracted negotiation and design phase, the EU General Data Protection Regulation (GDPR) was adopted by the European Parliament on 04/14/2016 and entered into force on 05/24/2016. After 20 years, data protection law is at a whole new level and particularly uniform for the European Union.

EU, US sign shared law enforcement data deal — 05 June 2016, 15:48 CET

The EU signed an 'umbrella' deal on protection of shared data with the United States Thursday, putting in place a comprehensive data protection framework for criminal law enforcement cooperation.

EU-US 'Privacy Shield' data deal needs improvement, say MEPs — 26 May 2016, 17:55 CET

The European Parliament urged the EU Commission Thursday to go on negotiating with the United States over the proposed 'Privacy Shield' protection for EU citizens’ data transferred to the US for commercial purposes.

MEPs back EU directive on use of Passenger Name Records — 14 April 2016, 17:31 CET

Airlines will have to hand national authorities passengers' data for all flights from third countries to the EU and vice versa under a directive regulating the use of Passenger Name Record data in the EU, approved by the European Parliament.

EU votes in new rules for personal data protection — 17 April 2016, 23:37 CET

Euro-MPs have given the green light to new EU data protection rules aiming to give citizens back control of their personal data and create a high, uniform level of data protection across the EU.

EU set to strengthen data protection rules — 12 April 2016, 00:57 CET

The EU is set to give the final nod to a legislative package on reform of its data protection rules, following first reading adoption by the Council.

EU-U.S. Privacy Shield legal texts — 29 February 2016, 13:47 CET

The European Commission issued on 29 February the legal texts that will put in place the EU-U.S. Privacy Shield as well as a Communication summarising action taken to restore trust in transatlantic data flows since the 2013 surveillance revelations.