European Union moves closer to single set of data protection rules

Last month, the Council of the European Union took steps toward finalizing a data protection regulation that observers say could change the face of privacy practices in Europe and potentially increase interest in cyber liability insurance.

“We have moved a great step closer to modernized and harmonized data protection framework for the European Union. I am very content that after more than three years of negotiations we have finally found a compromise on the text. The new data protection regulation, adapted to the needs of the digital age, will strengthen individual rights of our citizens and ensure a high standard of protection,” said Dzintars Rasnačs, Latvia’s minister for justice.

The newest data protection agreement calls for personal data to be collected “under strict conditions and for a legitimate purpose” and with the “unambiguous consent” of the individual whose data will be collected. Even with permission, the regulation would call for data subjects to have access to their data, information about how it is used and maintained.

The regulation also requires that individuals have the right “to be forgotten,” meaning that they can choose to have that data erased, such as information collected when the individual was a child. Limits would also be applied to “profiling,” or using data to assess work performance, economic situation, health, or personal preferences.

“A single set of rules, valid across the EU and applicable both to European and non European companies offering their on-line services in the EU will prevent conflicting national data protection rules from disrupting  cross-border exchanges of data,” noted the EU in a statement on the agreement. “Moreover, increased cooperation between the supervisory authorities in the member states will ensure coherent application of those rules throughout the EU.”