Skip to content. | Skip to navigation

Personal tools
You are here: Home topics Data protection in the EU Data protection guides
Document Actions

Data protection guides

EU data protection rules 2-year review
Two years after its entry into application, the European Commission published on 24 June an evaluation report on the General Data Protection Regulation (GDPR).

The shape of Europe's digital future
The European Commission unveiled on 19 February its strategy for a society powered by digital solutions that put people first, opens up new opportunities for businesses, and boosts the development of trustworthy technology to foster an open and democratic society and a vibrant and sustainable economy.

Code of Practice against disinformation
The European Commission published on 29 January the first reports submitted by signatories of the Code of Practice against disinformation signed in October 2018.

Japan adequacy decision
The European Commission adopted on 23 January 2019 its adequacy decision on Japan, allowing personal data to flow freely between the two economies on the basis of strong protection guarantees.

Free flow of non-personal data in the EU
The European Parliament, Council and the European Commission on 19 June reached a political agreement on new rules that will allow data to be stored and processed everywhere in the EU without unjustified restrictions.

General Data Protection Regulation - background guide
The data protection reform package which entered into force in May 2016 and will be applicable as of May 2018 includes the General Data Protection Regulation ("Regulation") and the Data Protection Directive for the police and criminal justice sector.

Annual Review of the EU-U.S. Privacy Shield
The European Commission published on 18 October its first annual report on the functioning of the EU- U.S. Privacy Shield, the aim of which is to protect the personal data of anyone in the EU transferred to companies in the U.S. for commercial purposes.

Data protection reform package
The EU data protection reform package entered into force in May 2016 and will be applicable as of May 2018. It includes the General Data Protection Regulation ("Regulation") and the Data Protection Directive for the police and criminal justice sector.

Exchanging and Protecting Personal Data in a Globalised World
The European Commission is proposing new legislation to ensure stronger privacy in electronic communications, while opening up new business opportunities.

EU-U.S. Data Protection "Umbrella Agreement" - questions & answers
The EU-US data protection "Umbrella Agreement", given the green light by the European Parliament on 1 December, puts in place a comprehensive high-level data protection framework for EU-US law enforcement cooperation.

EU Data Protection Regulation: Where do businesses need to take action now?
After a protracted negotiation and design phase, the EU General Data Protection Regulation (GDPR) was adopted by the European Parliament on 04/14/2016 and entered into force on 05/24/2016. After 20 years, data protection law is at a whole new level and particularly uniform for the European Union.

EU-U.S. Privacy Shield legal texts
The European Commission issued on 29 February the legal texts that will put in place the EU-U.S. Privacy Shield as well as a Communication summarising action taken to restore trust in transatlantic data flows since the 2013 surveillance revelations.

EU-US Privacy Shield
The European Commission and the United States agreed on 3 February a new framework for transatlantic data flows: the EU-US Privacy Shield.

EU-US data protection "Umbrella agreement"
The EU has finalised negotiations with the United States on high data protection standards for transatlantic law enforcement cooperation. The finalisation of the Umbrella Agreement negotiations is seen as an important step to strengthen the fundamental right to privacy effectively and to rebuild trust in EU-US data flows.

Stronger data protection rules for Europe
Ministers in the Justice Council sealed on 15 June a general approach on a European Commission proposal on the Data Protection Regulation. Modern, harmonised data protection rules will contribute to making Europe fit for the digital age and are a step forward to the EU Digital Single Market. Trilogue negotiations with the Parliament and the Council will start in June; the shared ambition is to reach a final agreement by the end of 2015.

Guidelines on the re-use of public sector information
The European Commission published on 17 July guidelines to help EU Member States benefit from the revised Directive on the re-use of public sector information (PSI Directive). These guidelines explain for example how to give access to weather data, traffic data, property asset data and maps. Open data can be used as the basis for innovative value-added services and products, such as mobile apps, which encourage investment in data-driven sectors.

Data-Driven Economy
With data collection and exploitation on the increase, the European Commission has responded to industry and grass-roots demands by calling on national governments to wake-up to this “big data” revolution.

The Data Retention Directive
The Data Retention Directive was adopted in the aftermath of the terrorist attacks in Madrid in 2004 and London in 2005 as there was a sense of urgency to harmonise the European efforts to investigate and prosecute the most serious crimes.

Restoring Trust in EU-US data flows
The European Commission has set out actions to be taken in order to restore trust in data flows between the EU and the U.S., following deep concerns about revelations of large-scale U.S. intelligence collection programmes, which have had a negative impact on the transatlantic relationship.

EU-US agreement on the transfer of Passenger Name Record (PNR) data
In 2011 the EU and the US agreed on a new PNR Agreement regulating the transfer of Passenger Name Record (PNR) by air carriers to the US. This agreement entered into force on 1 July 2012, replacing the previous one from 2007. It provides for a first joint review one year after its entry into force and regularly thereafter.

Data protection rules: backing from European Parliament Industry committee
The European Parliament’s Industry, Research and Energy Committee (ITRE) has given its backing to Commission proposals to reform the EU’s data protection rules which date back to 1995. The vote on the Committee’s opinion, drafted by Member of the European Parliament Seán Kelly, is the latest step towards a swift adoption of the proposed legislation. The Committee’s opinion – which covers the draft general Data Protection Regulation – will now be submitted to the Civil Liberties, Justice and Home Affairs Committee (LIBE), which will consolidate all the amendments submitted so far and vote on its own report at the end of April.

Data protection reform - guide
The European Commission has today proposed a comprehensive reform of the EU's 1995 data protection rules to strengthen online privacy rights and boost Europe's digital economy. Technological progress and globalisation have profoundly changed the way our data is collected, accessed and used. In addition, the 27 EU Member States have implemented the 1995 rules differently, resulting in divergences in enforcement. A single law will do away with the current fragmentation and costly administrative burdens, leading to savings for businesses of around €2.3 billion a year. The initiative will help reinforce consumer confidence in online services, providing a much needed boost to growth, jobs and innovation in Europe.

New EU-US agreement on the transfer of Passenger Name Record (PNR) data - guide
The European Commission has initialled an agreement with the US that, if endorsed by the Council and the European Parliament, would replace the existing agreement from 2007 that currently regulates the transfer of Passenger Name Record (PNR) by air carriers to the US. The request to re-negotiate the existing PNR Agreement came from the European Parliament as part of its new role in the post-Lisbon era, and Commissioner Malmström started negotiations in December 2010 after receiving negotiating authorisation from the Council. The new text represents a substantial improvement over the existing 2007 Agreement and Commissioner Malmstrom intends to ask the green light of the Council and the European Parliament to sign it soon.

Evaluation report of the Data Retention Directive
Data concerning telecommunications traffic through telephone networks and through the internet is, to some extent, retained (stored) by telecommunication service providers for their own commercial purposes (e.g., for billing purposes). The Data Retention Directive seeks to harmonise certain aspects of national rules on such storage. It requires telecommunication service providers to store traffic and location data regarding fixed and mobile telephony, internet access, email and telephony, for a period of at least six months (and no more than two years), and to make it available on request to law enforcement authorities for the purpose of investigation, detection and prosecution of serious crime and terrorism.

EU proposal for passenger data to fight serious crime and terrorism - guide
The European Commission has presented a proposal for an EU Passenger Name Record (PNR) Directive to fight serious crime and terrorism. The proposal obliges air carriers to provide EU Member States with data on passengers entering or departing from the EU, whilst guaranteeing a high level of protection of privacy and personal data.