From: TheParliament.com

By Jan Philipp Albrecht, Axel Voss, Alexander Alvaro, Dimitrous Droutsas, Timothy Kirkhope and Cornelia Ernst

Key rapporteurs on parliament’s data protection regulation Jan Philipp Albrecht, Axel Voss, Alexander Alvaro, Dimitrios Droutsas, Timothy Kirkhope and Cornelia Ernst offer their views following parliament’s Strasbourg plenary vote.

Jan Philipp Albrecht (Greens/EFA) is parliament’s rapporteur on personal data protection: processing and free movement of data (general data protection regulation).

Parliament’s justice, civil liberties and home affairs (LIBE) committee vote is a breakthrough for data protection in Europe and would overhaul EU rules, ensuring they are up to the task of the challenges in the digital age. This legislation introduces overarching EU rules on data protection, replacing the current patchwork of national laws, and an overwhelming majority of MEPs have voted to ensure it delivers a high level of protection for EU citizens.

Parliament now has a clear mandate to start negotiations with EU governments, with a view to finalising this crucial legislation as soon as possible. The ball is now in the court of member state governments to agree a position and start negotiations, so we can respond to citizens’ interests and deliver an urgently-needed update of EU data protection rules without delay.

The mandate makes clear that it is exclusively EU law that applies to EU citizens’ private data online, regardless of where the business processing their data has its seat: the data of EU citizens cannot be transferred to third parties without any legal basis in EU law.

This vote also ensures that citizens can truly exert control over their personal information online. Provisions on explicit consent would mean online users cannot be duped into signing control of their private data away, but will have to be asked explicitly and regularly if they agree to their private data being processed.

Provisions establishing ‘right to erasure’ would ensure that companies are made responsible for erasing the data of users who request this, and for ensuring this erasure is comprehensive and downstream, so long as this does not impinge on the right of freedom of information or expression of others. Crucially, MEPs have also ensured the rules have teeth: meaningful sanctions up to five per cent of turnover should act as a real deterrent against companies infringing EU law.

Axel Voss is parliament’s EPP group shadow rapporteur on the general data protection regulation.

The European patchwork carpet is a thing of the past. The rights of the citizens have been strengthened and the same rules apply everywhere across the EU. Despite considerable improvements for users, the standards still remain practicable for the economy.

In future all users are to get extensive deletion, information and access rights for their data. To this end, data processers must provide information about the handling of their data in clear and comprehensible language. Data relating to persons under 13 years old may be processed only with the consent of their parents. For 13-18 year-olds appropriate language must be used. That is a great step forward in comparison with the current situation.

In every company there is to be an employee responsible for data protection in the future. The threshold is to be 5000 customer contacts per year. This threshold value is much more realistic than a rigid definition of the number of employees of a company. The information and documentation obligations of a company will, in future, be based on the risk associated with data processing. The load on small companies such as the local baker, who does not have a data protection problem, will be removed.

Personalised advertising on the net will continue to be possible, but will now be subject to greater transparency and more control by the users themselves. Without the consent of the user the creation of user profiles will only be possible on the basis of pseudonym data. This data processing can be withdrawn at any time and without cost. Data processers must make reference to this in a clear and transparent manner.

For infringements against the EU-directive severe penalties of up to five per cent of annual turnover are provided. In addition, sanctions are to be applied in an EU-wide ‘black list’. Now the European parliament and member states must agree on the final text of the directive. I hope that the member states will finally develop the will to act. We, as the parliament, are prepared to strengthen the rights of our citizens as quickly as possible.

Dimitrios Droutsas is parliament’s S&D group shadow rapporteur on the general data protection regulation.

With yesterday’s vote, the European parliament has sent some very important messages. First, that the protection of personal data of the European citizen – in all areas, private and public – remains one of the most important issues for parliament.

Second, that member states and the council must move fast. It is their turn now to act. The heads of state and government will have an excellent opportunity to show their decisiveness at the next meeting of the European council in a few days. We are all waiting for this. Finally and most importantly parliament has shown that it understands the needs of its citizens, that it listens carefully to and fully respects their voices and messages.

Parliament has fulfilled what was expected from it. For us, it was very important from the very beginning that the regulation and the directive were considered a package. Our main principles during our discussions and negotiations were: strengthening the protection of our citizens’ rights, taking care of our businesses (small and medium enterprises), and being strict with the giants – the ones who are responsible most of the times for the abuse of our personal data.

And I am proud to say that the ‘hand-writing’ and the overall contribution of social democracy towards achieving this goal is highly visible and strong.

Alexander Alvaro is parliament’s ALDE group shadow rapporteur on the general data protection regulation.

For months, the reform of the data protection regulation was one of the most important dossiers on the European agenda. Accordingly, so were the discussions. Polemically, while one side argued that all consumer protection should be abolished, the other argued that no commercial use of data should be allowed at all.

The adopted regulation is a very balanced approach. Parliament’s aim was the creation of mutual trust. Consumers need to be able to trust that their data will be safe, while companies need to be able to trust that it is worth investing in innovative digital business models.

In order to achieve this synergy, we needed a more harmonised concept that laid down an enforceable technology-neutral set of rules. At the same time, this concept had to incentivise businesses to invest in the protection of personal data throughout the entire data lifecycle from its collection to processing to deletion.

Therefore, in October 2012, I presented my concept for the data protection reform entitled, lifecycle data protection management. This concept was entirely incorporated into the reform package and adopted by parliament with a majority.

Concretely, Liberals ensured that there will be more transparency through new standardised icon-based information requirements and a new European data protection seal system. We achieved a boost for privacy enhancing technologies through new data security requirements and focus on data encryption.

We ensured conditions for consent via a new right to erasure and a new right to obtain data. We also achieved new data protection by design and default requirements and clear compliance rules. To make sure that everybody would respect the new regulation, we incorporated incentive oriented sanctioning schemes.

At this stage, Europe had the chance to set the standards for the processing of data in the 21st century. The proposal of the parliament meets this challenge.

Timothy Kirkhope is parliament’s ECR group shadow rapporteur on the general data protection regulation.

LIBE has voted on a series of compromise amendments between the parliament’s political groups that are a significant improvement on the proposals put forward by the Greens rapporteur Jan Philipp Albrecht.

As well as the regulation, MEPs also voted on a separate directive on data protection for law enforcement purposes. We have sought to play a constructive role in the passage of the new data protection regulation. The last data protection rules were drafted before most people had access to the internet, so they are sorely in need of an update.

We want the new regulation to put in place a broad set of principles that will create a level playing field in the EU single market, and ensure greater clarity around the rights and responsibilities of people when it comes to their personal information.

We need to get this regulation right. While the text voted through this evening is still not perfect, it is a significant improvement on previous drafts so the ECR was willing to approve opening negotiations with national governments on that basis. We will seek to use those negotiations to create an even more workable law that enables businesses to innovate while giving people power over their data.

Attached to this regulation is a directive on data protection for law enforcement purposes. This directive should be about protecting the data of innocent people and ensuring they are treated fairly. As it stands, following today’s vote, the text is so prescriptive that it will seriously inhibit law enforcement officers from doing their jobs. We could not support this part of the package and we hope it will be stripped back to make it more workable.”

Cornelia Ernst is parliament’s GUE/NGL group shadow rapporteur on the general data protection regulation.

This vote paves the way to ensuring a high level of protection for EU citizens. The revelations by Edward Snowden have had a major impact on the discussions on data protection and boosted calls for more rigorous data protection standards. Therefore, MEPs have done their duty in listening to those calls.

The GUE/NGL group pushed hard during these negotiations to strengthen the data subject’s rights in cases of profiling, to boost transparency, to restrict access of certain data, to tighten the rules on data transfer to third countries, and for the ‘right to erasure’. Now we will take the fight to the council.