The European Parliament approved the report of rapporteur Axel Voss yesterday.  Titled “Personal data protection in the European Union”, the report endorsed the Commission’s aim of reforming the Data Protection Directive (95/46/EC) and suggested specific directions for the upcoming reform.  Among other positions explored by the report, the European Parliament:
Repeated calls for more regulation of behavioural advertising and “profiling” (as enabled by, for example, discount and loyalty scheme cards).  The Parliament also mentioned its concern over profiling in relation to “abuses stemming from online behavioural targeting” and “social network websites”), and called on the Commission to define the term “profiling” — presumably to enable more regulation of the practice under an amended data protection law; 
Acknowledged the need for more clarity in a number of areas, including what law is applicable to data processors and data controllers and the roles, rights and responsibilities of cloud computing service providers and cloud computing consumers; 
Supported a number of new individual rights, including the notion that data subjects should be able to “fully enforce” their data protection rights even when their data is transferred and processed in third countries beyond the EU, a right of data portability for data subjects and the well-known “right to be forgotten”, which the report also stated should be “clarified in detail”;
Requested further consideration of the addition of new categories of potentially sensitive data, including biometric and genetic data, and further caution when such data would be processed together with new technologies such as cloud computing; 
Called for further harmonisation of the powers of the national data protection agencies; and 
Endorsed Commissioner Viviane Reding’s aim of creating a new mandatory data breach notification obligation.  The Parliament took the position that any such obligation should not become a “routine alert for all sorts of breaches”, but nevertheless it also recommended that the new obligation require “all breaches without exception” to be recorded to aid in data breach investigations.
The report will now be forwarded to the European Council and European Commission — both bodies are now responsible for developing the report into a set of concrete legislative proposals in the next stage of the reform.

The European Parliament approved the report of rapporteur Axel Voss yesterday.  Titled “Personal data protection in the European Union”, the report endorsed the Commission’s aim of reforming the Data Protection Directive (95/46/EC) and suggested specific directions for the upcoming reform.  Among other positions explored by the report, the European Parliament:

  • Repeated calls for more regulation of behavioural advertising and “profiling” (as enabled by, for example, discount and loyalty scheme cards).  The Parliament also mentioned its concern over profiling in relation to “abuses stemming from online behavioural targeting” and “social network websites”), and called on the Commission to define the term “profiling” — presumably to enable more regulation of the practice under an amended data protection law; 
  • Acknowledged the need for more clarity in a number of areas, including what law is applicable to data processors and data controllers and the roles, rights and responsibilities of cloud computing service providers and cloud computing consumers; 
  • Supported a number of new individual rights, including the notion that data subjects should be able to “fully enforce” their data protection rights even when their data is transferred and processed in third countries beyond the EU, a right of data portability for data subjects and the well-known “right to be forgotten”, which the report also stated should be “clarified in detail”;
  • Requested further consideration of the addition of new categories of potentially sensitive data, including biometric and genetic data, and further caution when such data would be processed together with new technologies such as cloud computing; 
  • Called for further harmonisation of the powers of the national data protection agencies; and 
  • Endorsed Commissioner Viviane Reding’s aim of creating a new mandatory data breach notification obligation.  The Parliament took the position that any such obligation should not become a “routine alert for all sorts of breaches”, but nevertheless it also recommended that the new obligation require “all breaches without exception” to be recorded to aid in data breach investigations.

The report will now be forwarded to the European Council and European Commission — both bodies are now responsible for developing the report into a set of concrete legislative proposals in the next stage of the reform.

Tags: Data Protection Directive, European Union (EU)
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Dan Cooper Dan Cooper

Daniel Cooper is co-chair of Covington’s Data Privacy and Cyber Security Practice, and advises clients on information technology regulatory and policy issues, particularly data protection, consumer protection, AI, and data security matters. He has over 20 years of experience in the field, representing…

Daniel Cooper is co-chair of Covington’s Data Privacy and Cyber Security Practice, and advises clients on information technology regulatory and policy issues, particularly data protection, consumer protection, AI, and data security matters. He has over 20 years of experience in the field, representing clients in regulatory proceedings before privacy authorities in Europe and counseling them on their global compliance and government affairs strategies. Dan regularly lectures on the topic, and was instrumental in drafting the privacy standards applied in professional sport.

According to Chambers UK, his “level of expertise is second to none, but it’s also equally paired with a keen understanding of our business and direction.” It was noted that “he is very good at calibrating and helping to gauge risk.”

Dan is qualified to practice law in the United States, the United Kingdom, Ireland and Belgium. He has also been appointed to the advisory and expert boards of privacy NGOs and agencies, such as Privacy International and the European security agency, ENISA.

Read more about Dan CooperEmail
Show more Show less