New European Data Protection Directive Posted by John on 14 October 2015

In a significant week for Data Protection, Ministers in the EU's Justice Council have agreed on the final draft of the proposed Data Protection Directive for the police and criminal justice sector. 

Commissioner for Justice, Consumers and Gender Equality, Věra Jourová has welcomed the latest agreement: "The right to personal data protection is a fundamental right in the EU. Victims and witnesses, but also suspects of crimes have the right to have their data duly protected in the context of a criminal investigation or a law enforcement action. The common rules and principles we have proposed will ensure that. At the same time more harmonised laws will also make it easier for police or prosecutors to work together in cross-border investigations and to combat crime and terrorism more effectively across Europe."

The principal aim of the new Directive is to preserve a citizens' right to data protection when their data is processed by law enforcement authorities. As the Commission states; “Everyone’s personal data should be processed lawfully, fairly, and only for a specific purpose. All law enforcement processing in the Union must comply with the principles of necessity, proportionality and legality, with appropriate safeguards for the individuals.” This mirrors the standards set out under current data protection law and emphasises the priority of data protection as a fundamental right.

In addition, the Directive is set to reduce the administrative burdens on authorities which require the use of someone’s personal data for law enforcement purposes. Essentially, the same set of data protection rules will apply irrespective of the origin of the personal data. Clear principles and standards will apply to both domestic and cross-border use of data and will expediate international cooperation procedures between law enforcement agencies. Furthermore, the new law will also establish general principles for the transfer of data to authorities outside of the EU.

The next stage in the process will be the trilogues between the Commission, the European Parliament and the Council of the EU on the Directive which begin later this month. This echoes the trilogues process on the General Data Protection Regulation which began in June of this year. 


As such, this latest agreement ensures that the EU is set to finalise its data protection reform schedule and create a digital single market by the end of this year. Together with the recent judgment of the European Court of Justice in the Schrems/Facebook case there is comprehensive reform occurring at present in European, and indeed global, data protection standards. Personal data and privacy, currently regulated via piecemeal, antiquated legislation is finally set to become streamlined and clearly defined. We at PrivacyEngine are available to assist commercial compliance through this period of reform as data protection becomes ever vital to modern business functionality.