During a plenary session, the European Parliament adopted last week (12 March 2014) the new data protection package. The data protection regulation and the enforcement directive reform the existing legal framework which is already 19 years old. The MEPs have expressed their concerns about the delay in the adoption caused by some Member States and have urged the Council to act swiftly in order to guarantee a high data protection standard for the EU citizens. The package introduces new rules for data transfers from the EU to third countries. To prevent abuses experienced in the recent years, the firm intending to transfer EU citizen´s personal data to a third country will be obliged to seek approval by the national regulator and will need to inform the citizen of such request. If any firm fails to respect the EU rules, it will be subject to fine of €100 million or 5% of its yearly global turnover, whichever is higher. Considering online data, new clear rules have been adopted for profiling, user will be allowed to ask for removal of his personal data and privacy policies will need to be written in an easily understandable form. Any personal data online will need to be collected only after an explicit approval by the user. The package was adopted in the first reading and in order to come into force it will need to be adopted also by the Council. Any future steps by the EP will be made only after the May EP elections.
2nd May 2018