EU institutions still have much to do with regard to the adoption of the new package on data protection. The Cyprus Presidency is optimistic that a partial general approach on certain aspects of the package can be achieved by the end of the year.
The Cyprus Presidency was praised for its work in promoting the new package on data protection, during the recent Informal Justice and Home Affairs (JHA) Council. Ms Viviane Reding, Vice President of the European Commission, responsible for Justice, Fundamental Rights and Citizenship, stated emphatically that “Cyprus has put us in fifth gear”.
Even in “fifth gear” though, there is still much to be done in order for the new legislation to be adopted. “The package consists of one general regulation and a directive which regulates the issue of personal data protection, especially in the fields of justice and police”, explains Constantinos Georgiades, chairperson of the Data Protection working party. The European Commission’s objective is to have the package adopted in 2013 or in early 2014.
According to Mr Georgiades, the Cyprus Presidency aims to move discussion forward as far as possible, considering the momentum and the developments that will take place, as well as the interest of the member states. The Presidency’s objective is to achieve a general partial approach on certain articles of the legislative package by December 2012.
What is data protection
Under EU law, personal data can only be gathered legally under strict conditions, for a legitimate purpose. Furthermore, persons or organisations which collect and manage your personal information must protect it from misuse and must respect certain rights of the data owners which are guaranteed by EU law.
Every day within the EU, businesses, public authorities and individuals transfer vast amounts of personal data across borders. Conflicting data protection rules in different countries would disrupt international exchanges. Individuals might also be unwilling to transfer personal data abroad if they were uncertain about the level of protection in other countries.
Therefore, common EU rules have been established to ensure that your personal data enjoys a high standard of protection everywhere in the EU. You have the right to complain and obtain redress if your data is misused anywhere within the EU.
Protection of juveniles
In 2012, the Commission proposed a major reform of the EU legal framework on the protection of personal data. The new proposals will strengthen individual rights and tackle the challenges of globalisation and new technologies.
Among the main targets of the reform package is the protection of juveniles in the digital environment. “The regulation contains special provisions for the processing of personal data of juveniles. Among others, it invigorates the right of denial by introducing the prerogative of oblivion, the practice of which will allow the user to ask for any personal information he or anyone else had uploaded -especially on social network websites- to be fully deleted“, Mr. Georgiades points out.
In addition, the directive seeks to facilitate the processing of information from the police authorities of the member states, the cooperation between member states and the transmission of data to third countries, when deemed necessary.
Cost and risk
In the Informal JHA Council, which took place on Tuesday, July 24 in Cyprus, the Cyprus Presidency set three topics for discussion to the Justice Ministers, on which they expressed common concerns. Through the discussions, consensus was reached on the following three issues: a) to avoid creating additional costs to small and medium enterprises, b) to implement common regulations for personal data protection in the private and the public sector, with some flexibility towards the public sector due to its particularities and c) to limit the enhanced powers proposed in the new package, so the Commission will not be able to regulate issues of Personal Data Protection through delegated acts, without the endorsement of the European Parliament.
The ministers asked for a clearer interpretation of the Regulation, so that it includes provisions which will ensure that the administration costs of each enterprise will take into account its size and risk of processing. “The local grocery owner can’t shoulder the same financial costs as a large multinational company”, says Mr. Georgiades, adding however, that the main criteria should be the element of risk rather than the size of the business. “Beyond the size of an organisation and the element of risk, the range of danger groups of people are exposed to and especially the juvenile users of the internet, the number of citizens affected and the amount of personal data an organisation is processing are also significant parameters “, Mr. Georgiades concludes.
Office of the Commissioner for Personal Data Protection, Data Protection Chair (DAPIX Data Protection)
Telephone: +357 22818456