22 October, 2013
Yesterday, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) voted on the Compromise Text of the upcoming European General Data Protection Regulation. After months of negotiations, the Compromise Text has been approved by LIBE. The committee vote also set out a mandate for Parliament to start negotiations on the text with national governments in the European Council.
Mass surveillance cases, such as the PRISM case, seem to have influenced the stance of MEPs on protecting the privacy of European citizens, resulting in stronger safeguards for data transfers to non-EU countries, the requirement of explicit consent and higher fines. Although the Compromise Text has not been published (yet), some details of certain provisions were made public.
– Data transfers to non-EU countries: if a third country requests a company (eg. a search engine, social network or cloud provider) to disclose personal information processed in the EU, the firm would have to seek authorisation from the national data protection authority before transferring any data. The company would also have to inform the person of such a request.
– Sanctions: Non-compliance with the General Data Protection Authority can now lead to fines of up to €100 million or up to 5% of the annual worldwide turnover, up from €1 million and 2% as was proposed by the European Commission. This is a huge increase in risk, especially considering the fact that these fines can be cumulated per offence or breach.
– Profling: Under the Compromise Text, profiling will only be allowed if consent of the data subject is acquired, when provided by law or when needed to pursue a contract. Data subject have the right to object to being profiled, and profiling is not allowed if the result is based only on automated processes.
The negotiations mandate was adopted by 52 votes to 1, with 3 abstentions.
As soon as the European Council reaches consensus on its position with regards to the General Data Protection Regulation, negotiations between the Council, Parliament and the Commission can continue. The European Parliament hopes to reach an agreement before the European elections in May of next year.
Source: European Parliament
Encryptie, hashing, anonimisering, pseudonimisering: het zijn tegenwoordig veel voorkomende...
Steeds meer organisaties gebruiken profileringstechnieken en maken op geautomatiseerde wijze...