EU votes to overhaul data protection rules

European Commission

Following two years of debate and negotiation, MEPs have voted overwhelmingly in favour of draft legislation that would see substantial restrictions put on the transfer of EU citizens' personal data to US entities.

The legislation has been gridlocked since 2011 after the US and industry groups pressured the European Union to water down the proposals. UK Conservative Party MEPs had also been accused of trying to delay the legislation's progress through the European Parliament an accusation they have denied.

However, revelations about the extent of the American National Security Agency's spying operations in Europe, and its co-operation with the UK Government over project Temporah, is thought to have steeled the EU into action.

German Green MEP Jan Philipp Albrecht, who is steering the legislation through the European Parliament, said: "The vote is a breakthrough for data protection rules in Europe, ensuring that they are up to the challenges of the digital age.

"This legislation introduces overarching EU rules on data protection, replacing the current patchwork of national laws."

Luca Schiavoni, a telecoms regulation analyst at Ovum, said: "The landslide votes in favour for each amendment, both for the Regulation and for the Directive, suggests Parliament is orientated toward a consumer-protective legislation, and that advocating against the draft rules will be even harder after this stage. However, many concerns remain as to the viability of these rules in practice. The definition of what personal data' is ... is still very vague, which may open up a loophole in the legislation, and fail to protect consumers.

"The...tighter rules for the transfer of personal data to non-EU countries upon request from a public authority...if passed in this form, may strongly limit US companies' ability to transfer European users' data to the US."

Dwayne Melancon, chief technology officer at IT security firm Tripwire, said: "The new EU Directive has the potential to have a huge global impact because it applies to any organisation which operates in the EU, even if they are headquartered elsewhere in the world.

"The size of the fines connected with the Directive are so big they will definitely get the attention of CEOs and boards. It is incumbent upon senior business executives to seek clear answers about security risks from information security leadership to ensure appropriate steps are taken to enable compliance with this Directive before it takes effect."

Jane McCallion
Managing Editor

Jane McCallion is ITPro's Managing Editor, specializing in data centers and enterprise IT infrastructure. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.

Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.