European Commission

Subscribe to European Commission

On 12 March 2019, the European Parliament issued its first position on the text proposed by the European Commission for a Regulation of the European Parliament and of the Council on ENISA (the European Union Agency for Network and Information Security), also known as the EU Cybersecurity Act.

Initiatives to build strong EU-wide cybersecurity

The EU Cybersecurity Act was proposed in 2017 to:

i) Provide a permanent mandate for ENISA (to replace its limited mandate that would have expired in 2020);

ii) Allocate more resources to ENISA to enable it to fulfil its goals; and

iii) Establish an EU framework for cybersecurity certification for products, processes and services that will be valid throughout the EU.

The European Parliament, Council and Commission reached an informal trialogue agreement on the proposal of the EU Cybersecurity Act in December last year. Now that the European Parliament adopted its first-reading position, it is expected that the European Council will adopt the proposed Regulation without further amendments. The Regulation will then be published into the EU Official Journal and will enter into force 20 days following that publication.

Continue Reading The European Parliament adopts first stance to proposed EU Cybersecurity Act

On February 14, 2019 the European Commission, European Parliament and Council of the European Union agreed to implement new rules designed to ensure a fair, transparent and predictable business environment to the benefit of both end consumers and entrepreneurs using third-party online platforms for their business. The Council and European Parliament will adopt these new

On 23 January 2019, the European Commission adopted an adequacy decision for Japan, with immediate effect. The decision certifies Japan as having a comparable level of data protection to that of the European Union.

On the same day, Japan adopted an equivalent decision regarding the EU’s data protection regime. This is the first example of

In April 2018 the European Commission (Commission) published its Communication on the digital transformation of health and care in the Digital Single Market (Communication). The Commission outlined the need for reforms to health care systems and the development of innovative digital solutions. On 6 December 2018, the European Economic and Social Committee (EESC) published its opinion on the Communication (Opinion) in which it expressed its agreement with the vision set out by the Commission.

Opinion of the European Economic and Social Committee

The EESC noted its support of the Commission’s proposed action in relation to three main areas: (i) secure access of the public to, and sharing of, health data across borders; (ii) disease prevention and personalised health and care; and (iii) digital tools for citizen empowerment and person-centred care.

The Opinion focuses on the impact of digital transformation on five main areas:


Continue Reading Digital transformation of health and care

On 22 June 2018, the European Commission published a factsheet that provides a visual summary of the actions taken to date to implement its Digital Single Market strategy. The Digital Single Market strategy refers to the European Commission’s mission to ensure access to online activities for individuals and businesses under conditions of fair competition, consumer and data protection, removing geo-blocking and copyright issues.

The factsheet sets out a timeline, which shows the status of each of the Digital Single Market strategy initiatives presented by the Commission since its announcement of the Digital Single Market strategy in 2015. The factsheet shows that 29 legislative initiatives have been presented, of which 17 have been agreed by the European Parliament, the Council of the EU and the Commission.

There remain 12 Commission legislative initiatives that the European Parliament and the Council are yet to reach agreement on. Notably, the forthcoming ePrivacy Regulation initially envisaged as coming into force at the same time as the General Protection Regulation 2016/679 remains very much in the negotiation process. With the upcoming European elections in 2019 looming ever closer, there is a very real danger that unless rapid progress is made, the whole adoption process could find itself put on hold.

Continue Reading Commission publishes factsheet on Digital Single Market strategy

On 5 July 2018, the European Parliament demanded in a resolution that the European Commission suspends its EU-U.S. Privacy Shield unless the U.S. administration introduces adequate data protection safeguards by 1 September 2018. The Privacy Shield agreement is aimed at facilitating data transfers of EU personal data to the United States. The non-binding resolution was passed 303 to 223 votes, with 29 abstentions, and calls on the European Commission to suspend the data-sharing deal unless the United States is fully compliant by September 1.

Issue

The European Parliament admonishes the United States for failing to ensure effective ‘adequate protection’ of the transfer of EU personal data to the United States.

The European Parliament critiques that the U.S. administration has been slow to meet requirements set forth by the General Data Protection Regulation (GDPR), which specifies that special data sharing arrangements with countries outside the EU can only remain in place if those countries have independent authorities that properly oversee how Europeans’ data is handled once it moves abroad. The United States has failed to appoint members to the U.S. Privacy Civil Liberties Oversight Board (PCLOB), or to appoint a permanent Ombudsman to chair the PCLOB.

Continue Reading European Parliament calls for suspension of EU to U.S. data transfers under the Privacy Shield

You may well remember our blog from last year which outlined the Commission’s proposal for a framework in relation to the free flow of non-personal data in September 2017 (you can view our blog here).

On 19 June 2018, the European Parliament, Council and the European Commission reached a political agreement on the rules that will allow data to be stored and processed everywhere in the EU, without unjustified restrictions.

In addition to supporting the creation of a competitive data economy within the Digital Single Market, these new rules will remove barriers which hinder the free flow of data. Predictions suggest that this could boost Europe’s economy by an estimated growth of up to 4 per cent GDP by 2020. You can find more information on the European Commission’s website.

Key objectives

The new rules on the free flow of non-personal data will:

  • Ensure the free flow of data across borders: this will prohibit data localisation restrictions permitting organisations to be able to store data anywhere in the EU. Also, requiring Member States to communicate to the Commission any remaining or planned data localisation restrictions in “limited specific situations of public sector data processing”.
  • Ensure data availability for regulatory control: allowing public authorities to access data – for scrutiny and supervisory control – despite where it is stored and/or processed in the EU. Also, Member States may sanction users that do not provide access to data stored in another Member State.
  • Encourage creation of codes of conduct for cloud services: to facilitate switching between cloud service providers under clear deadlines. The Commission states that this “will make the market for cloud services more flexible and the data services in the EU more affordable”.


Continue Reading EU reaches agreement on rules allowing free flow of non-personal data

Background

On 22 November 2017, the Court of Justice of the European Union (“CJEU”) gave judgment in a case taken by the not-for-profit company, Digital Rights Ireland Limited (“DRIL”). DRIL sought an annulment of the European Commission’s Privacy Shield decision. This decision states that the US ensures an adequate level of protection for personal data transferred from the EU to companies in the US under the EU-US Privacy Shield (the “Contested Decision”).

The CJEU ruled that DRIL’s annulment request was inadmissible for two reasons; (1) it cannot show that it is sufficiently affected by the Contested Decision to bring proceedings in its own name; and (2) a lack of standing to bring proceedings in the name of its members, supporters and the general public.

In this case, the DRIL acted as the applicant and the European Commission was the defendant.

Admissibility of the action brought by DRIL in its own name

DRIL presented three arguments to demonstrate the admissibility of the action brought in its own name.

Argument 1: DRIL argued that, given that it possesses a mobile phone and a computer, its own personal data is liable to be transferred to the US pursuant to the Contested Decision. The CJEU rejected this argument. The CJEU ruled that in its capacity as a legal person, DRIL does not possess personal data. The Data Protection Directive only provides for the protection of personal data of natural persons, not legal entities.

Continue Reading CJEU rules Digital Rights Ireland’s Privacy Shield invalidation action inadmissible

The European Commission has issued a proposal for a new Regulation on the free flow of non-personal data (“the Proposal”).

Background

The Commission adopted a Communication in January 2017 on “Building a European Data Economy”, in which its work on free flow of data was announced in the context of actions to enhance the data economy. The Commission then launched a public consultation and dialogue with stakeholders to gather further evidence on the issues restricting the free flow of data.

The Commission has identified the main obstacles that preclude free flow of data in the Digital Single Market as follows:

  • Unjustified data localisation restrictions by Member States’ public authorities
  • Legal uncertainty about legislation applicable to cross-border data storage and processing
  • A lack of trust in cross-border data storage and processing linked to concerns among Member States’ authorities about the availability of data for regulatory scrutiny purposes
  • Difficulties in switching service providers (such as cloud) because of vendor lock-in practices. The Proposal is intended to address these obstacles and remove barriers to data mobility. This is important for the data economy because removing data localisation restrictions is expected to generate additional growth of up to 4% GDP by 2020 (as estimated by Deloitte in one of the support studies). It will also drive down the cost of data services, providing customers greater flexibility in organising their data management and data analytics, while expanding their use and choice of providers.

In practice, these obstacles mean that a business may not be or feel free to make full use of cloud services, choose the most cost-effective locations for IT resources, switch between service providers, or port its data back to their own IT systems. The Commission considers that with the principle of free flow of non-personal data, businesses can avoid duplication of data at several locations, may feel more confident to enter new markets, and scale-up their activities more easily.

The Proposal is intended to address these obstacles and remove barriers to data mobility. This is important for the data economy because removing data localisation restrictions is expected to generate additional growth of up to 4% GDP by 2020 (as estimated by Deloitte in one of the support studies). It will also drive down the cost of data services, providing customers greater flexibility in organising their data management and data analytics, while expanding their use and choice of providers.
Continue Reading Proposal for a Regulation on the free flow of non-personal data in the EU

“A year from now, the European Union will start benefiting from the new data protection standards.”

This week, the European Commission’s most senior voices gave an official statement promoting the benefits of the new General Data Protection Regulation (GDPR). Andrus Ansip (Vice-President) and Věra Jourová (Commissioner) of the European Commission aimed their statement at all