Brussels, 6 December 2011
Ladies and Gentlemen,
I am happy to be with you today at the second annual European Data Protection and Privacy Conference. I am glad to see so many esteemed colleagues and experts from the United States. With such an audience, I am sure that we will come away from this conference fired up with bright new ways to ensure data protection on both sides of the Atlantic.
I would like to talk about the current data protection and privacy landscape in Europe and challenges for the future of trans-Atlantic cooperation. I will also give a preview of what I have in mind to ensure the fundamental right to data protection here in Europe.
Firstly, how do we in the European Commission see data protection and privacy today? You know perfectly well how much technology has progressed and how the world has become much smaller over the past 16 years, since our current Data Protection Directive was created.
In the digital age, the collection and storage of personal information are essential. Data is used by all businesses – from insurance firms and banks to social media sites and search engines. In a globalised world, the transfer of data to third countries has become an important factor in daily life.
We all know that data is a key economic asset. Vast amounts of personal information are transferred and exchanged every day, around the globe in fractions of seconds. We need to facilitate these exchanges if we are to encourage innovation and stimulate growth. But we also need to protect the rights of those whose personal data is transferred to third countries, outside the European Union.
So how are we doing this in Europe?
I want to create a level playing field for companies and create rules which are business-friendly. I want to simplify the rules and eliminate unnecessary costs and administrative burdens. Inconsistent rules hold back businesses. If we want to encourage companies to take advantage of new technologies and operate across borders, we need to make the rules simpler.
One good tool which facilitates secure transfers of data is binding corporate rules. These codes of practice are based on European data protection standards. Businesses adopt them to ensure adequate safeguards for transfers of data between companies, even those situated outside the European Union. Once approved by our data protection authorities, they become legally binding. In my reform I want to make it easier for companies to develop such rules and have them approved.
I also want to simplify the regulatory environment. I want to introduce one data protection law in Europe and have one single data protection authority for each business. The rule is simple: A business will be subject to the data protection authority in the Member State of its main establishment in the EU. To get it consistently done, we need reinforced cooperation between fully fledged data protection authorities in our Member States.
All these measures will allow companies to sell goods and services under the same rules to 500 million people. This massive market is a huge opportunity for companies surrounded by clear legal rules.
This is for the business side. However, this must not be done at the expense of individuals’ rights. Their data needs to be properly protected. We Europeans place a high value on privacy and data protection: The right to protection of personal information is enshrined in our Treaty and our Charter of Fundamental Rights.
This is why I will propose a new European law on data protection next month. It will replace the law from 1995, when the full potential of the internet had not yet been realised. In a world of ever-increasing connectivity, our fundamental right to data protection is in this moment seriously tested. Although the basic principles and objectives of the 1995 Directive remain valid, the rules need to be adapted to new technological challenges.