We use cookies to ensure we give you the best browsing experience on our website. Find out more on how we use cookies and how you can change your settings.

The data protection reform is a legislative package proposed by the Commission in 2012 to update and modernise the rules of the 1995 data protection directive and the 2008 framework decision on data protection in judicial cooperation in criminal matters and police cooperation.

Uniform and up-to-date legislation on data protection is essential to guarantee the fundamental right of individuals to have their personal data protected, to allow for the development of the digital economy and to strengthen the fight against crime and terrorism.

The data protection package includes two legislative proposals:

  • A general data protection regulation
  • A directive on protecting personal data processed for the purpose of law enforcement 

In December 2015, the Council and European Parliament reached an agreement on the draft texts.

On 8 April 2016, the Council adopted its position at first reading. These texts were then adopted by European Parliament on 14 April 2016.

Key facts

  • for 57% of Europeans disclosing personal information is a big issue
  • 70% are concerned that companies may use the information for a different purpose than the one they collected it for
  • only 15% feel in complete control of the information they provide online
  • 90% of Europeans think it is important to have the same rights and protection in all EU countries

Why do we need it?

In the last few decades, the European Union has adopted several pieces of legislation to protect personal data, the main one being the 1995 Data Protection Directive. However, since the Lisbon Treaty, protection of personal data has become a fundamental right under EU law, recognised by the Treaty on the Functioning of the European Union and the EU Charter of Fundamental Rights. This means that the Union now has a specific legal basis to adopt legislation to protect this fundamental right.

Rapid technological developments in the last two decades have brought new challenges for the protection of personal data. The scale of data sharing and collection has grown exponentially, sometimes taking place on a global level, and individuals are increasingly making personal information publicly available.

The economic and social integration resulting from the functioning of the internal market has also led to a substantial increase in cross-border flows of data. 

To take full account of all these developments and promote the digital economy, there is a need to ensure a high level of protection of personal data, while at the same time allowing for the free movement of such data within the Union.

In the case of personal data used for law enforcement purposes, there is a growing need for authorities in the member states to process and exchange data as part of the fight against transnational crime and terrorism. In this context, clear and consistent rules on data protection at EU level are fundamental to improving cooperation between those authorities.

International agreements

In addition to reforming EU data protection rules, the Council adopted in 2010 a mandate for the Commission to negotiate a data protection agreement with the United States (umbrella agreement). This agreement aims at protecting personal data of European citizens transferred between the EU and the US for law enforcement purposes. It will serve as a complement to existing and future agreements.

Negotiations with the US were finalised in September 2015. The US adopted in February 2016 a new law granting EU citizens the right to judicial redress in the US (the Judicial Redress Act). This was a precondition for the signing and conclusion of the umbrella agreement. The next steps for signing and ratification of the agreement have now started.