Skip to content. | Skip to navigation

Personal tools
Sections
You are here: Home topics Data protection in the EU
Document Actions

Data protection in the EU

Under EU law, personal data can only be gathered legally under strict conditions, for a legitimate purpose. Persons or organisations which collect and manage your personal information must protect it from misuse and must respect certain rights of the data owners which are guaranteed by EU law. Common EU rules have been established to ensure that people's personal data enjoys a high standard of protection everywhere in the EU. You have the right to complain and obtain redress if your data is misused anywhere within the EU. The EU's Data Protection Directive also foresees specific rules for the transfer of personal data outside the EU to ensure the best possible protection of your data when it is exported abroad.

EU seeks high privacy standards in EU-US data protection agreement
The European Commission has adopted a draft mandate to negotiate a personal data protection agreement between the European Union and the United States when cooperating to fight terrorism or crime. The agreement would give citizens more rights to manage their data.

EU-US data protection agreement negotiations - briefing
The European Commission today adopted a draft mandate to negotiate a personal data protection agreement between the European Union and the United States when cooperating to fight terrorism or crime. The aim is to ensure a high level of protection of personal information like passenger data or financial information that is transferred as part of transatlantic cooperation in criminal matters. The agreement would enhance the right of citizens to access, rectify or delete data, where appropriate.

"Bulk data" transfers to the US against EU law, warn MEPs
Euro-MPs warned today that any new agreement on providing bank data to the United States must avoid "bulk data" transfers until they can be processed within the EU.

Data Protection: A Practical Guide to UK and EU Law
Now in its third edition, this invaluable handbook offers practical solutions to issues arising in relation to data protection law. It is fully updated and expanded to include coverage of all of the significant developments in the practice of data protection, and takes account of the wealth of guidance published by the UK's Information Commissioner since the last edition. The third edition includes new material on the changes to the Commissioner's powers and new guidance from the Commissioner's office, coverage of new cases on peripheral aspects of data protection compliance and examples of enforcement, the new code on CCTV processing, the new employment code, clarification on the definition of "personal data", the binding corporate rules on the exemption to the export data ban and the new ICT set of model contractual provisions for data exports, and the proposed action by the EU against the UK for failing to implement the Data Protection Directive appropriately. There are new chapters on terminology and data security.

New EU-US negotiations on bank data transfers on the cards
The Commission today adopted a draft mandate for negotiating bank data transfers with the United States government under the Terrorist Financing Tracking Programme (TFTP). The Commission wants to complete an agreement this summer to limit gaps in security.

Data Protection in the EU
A full guide on The European Directive on Data Protection.

Data protection in the electronic communications sector
New technologies, and in particular the Internet and electronic messaging services, call for specific requirements to ensure that users have a right to privacy. This EU Directive contains provisions that are crucial to ensuring that users can trust the services and technologies they use for communicating electronically. The main provisions apply to spam, ensuring the user's prior consent ("opt-in"), and the installation of cookies.

RFID: Radio Frequency IDentification - briefing
Europeans should be able to have control over smart chips, a worldwide market set to grow five times over in the next decade, while still being able to easily use them to make everyday life simpler, says the European Commission. There are already over 6 billion smart chips, microelectronic devices that can be integrated into a variety of everyday objects from fridges to bus passes. With Radio Frequency Identification (RFID) technology, they can process data automatically when brought close to 'readers' that activate them, pick up their radio signal and exchange data with them. They are in the passes you use to enter your office and the smart cards that pay highway tolls. Today, the Commission adopted a set of recommendations to make sure that everyone involved in the design or operation of technology using smart chips respects the individual's fundamental right to privacy and data protection, contained in the Charter of Fundamental Rights of the European Union proclaimed on 14 December 2007.

Data Protection: A Practical Guide to UK and EU Law (Paperback)
Now in its second edition, this invaluable handbook offers practical solutions to issues arising in relation to data protection law. Fully updated and expanded to include the new EC Directive on Privacy and Electronic Communication (in force on 31 October 2003), this book is a complete guide for anyone dealing with data protection advice or compliance in the UK, with chapters focusing in particular on the Internet, telecommunications, CCTV, the obligations of employers, and marketing and sales. Useful appendix material is also provided, including the full text of the Data Protection Act 1998, Directive 95/46/EC, Directive 2002/58/EC, and all implementing regulations.

International Agreement on transfer of Passenger Name Records (PNR)
The European Community and the United States signed an International Agreement on 28 May 2004 that makes possible the transfer of air passenger data to the US, under certain conditions. It entered into force with immediate effect. This agreement goes hand-in-hand with the Decision adopted two weeks ago by the European Commission, establishing the adequacy of US Bureau of Customs and Border Protection’s personal data protection.

The SWIFT case and the American Terrorist Finance Tracking Program
After the 11th September 2001 terrorist attacks, the United States Department of the Treasury ("U.S. Treasury") developed the "Terrorist Finance Tracking Program" ("TFTP"). The TFTP is based on United States statutory mandates and Executive Orders authorising the U.S. Treasury to use appropriate measures to identify, track and pursue those who provide financial support for terrorist activity.

Privacy Enhancing Technologies (PETs)
The use of Privacy Enhancing Technologies (PETs) can help to design information and communication systems and services in a way that minimises the collection and use of personal data and facilitate compliance with data protection rules. The use of PETs should result in making breaches of certain data protection rules more difficult and/or helping to detect them.

Data protection in the EU
Concerns about personal data collection on the Internet are increasing. Developments in the European Union fo create of a frontier free Internal Market and the EU's so-called 'Information Society' have greatly increases the cross-frontier flows of personal data between Member States of the EU.

Data protection in the EU
Developments of a frontier free Internal Market and of the so called 'information society' increase the cross-frontier flows of personal data between Member States of the EU. In order to remove potential obstacles to such flows and to ensure a high level of protection within the EU, data protection legislation has been harmonised. The Commission also engages in dialogues with non-EU countries in order to insure a high level of protection when exporting personal data to those countries. It also initiates studies on the development on European and international level on the state of data protection.

Safer Internet in the EU
The EU Safer Internet plus programme aims to promote safer use of the Internet and new online technologies, particularly for children, and to fight against illegal content and content unwanted by the end-user, as part of a coherent approach by the European Union.

Privacy Protection in the EU
The EU regulatory framework for electronic communications comprises a series of legal texts and associated measures that apply throughout the 25 EU Member States. The goals of the new framework are to encourage competition in the electronic communications markets, to improve the functioning of the internal market and to guarantee basic user interests that would not be guaranteed by market forces. The framework provides a set of rules that are simple, aimed at deregulation, technology neutral and sufficiently flexible to deal with fast changing markets in the electronic communications sector.

Copyright and neighbouring rights in the EU Internal Market
There has been significant harmonisation of the substantive copyright law in the European Union to reduce barriers to trade and to adjust the framework to new forms of exploitation. Common ground is also needed with respect to the rules on the enforcement of rights, i.e. on access to justice, sanctions and remedies regarding infringements. In order to grasp the full potential of marketing intellectual property rights in the Internal Market, the EU Commission believes that complementary measures on the management and licensing of these rights may also prove necessary. The Internal Market DG's task is to enforce the "acquis" on copyright and related rights; to advance it further and to modernise and adapt it to new developments in technology or the markets concerned as this is an evolving scenario.

European Data Protection Supervisor
The EDPS is an independent supervisory authority devoted to protecting personal data and privacy and promoting good practice in the EU institutions and bodies. It does so by: * monitoring the EU administration's processing of personal data; * advising on policies and legislation that affect privacy; and * co-operating with similar authorities to ensure consistent data protection.