New data protection laws that radically change the way businesses operate in Europe could be in place before the end of the year after justice ministers provisionally approved the long-discussed changes.
In the latest stage in the process, ministers in the Justice Council have agreed on a finalised version of the laws, which paves the way for final discussions between the European Parliament, the EC and the Council of the EU.
This agreement has kept much of the original proposals from the first data protection regulation, the most fundamental of which is that the law will be applied equally across the EU, rather than as a patchwork of different rules.
This is designed to make it easier for large enterprises and SMBs to operate in the region with more clarity and confidence in the data protection regime.
It should also make life simpler for consumers by ensuring that all firms in Europe follow the same data protection laws, and that their home data protection authority can be approached about data protection concerns in other nations.
Furthermore, data protection authorities will have increased fining powers. Non-government organisations and charities will face fines of up to €1m and enterprises up to two percent of global turnover.
Another major impact of the proposed laws is that any business operating in Europe, even if it is not a European company, will have to adhere to these rules, which could create tension between major US cloud providers such as Amazon, Microsoft and Google, and the demands of the US government.
EC ministers were upbeat on the approval from the Justice Council, claiming that it was an important step forward and showed that there is agreement about how important new data protection laws are for the region.
Andrus Ansip, vice president for the Digital Single Market, said: “Data protection is at the heart of the Digital Single Market; it builds a strong basis to help Europe make better use of innovative digital services like big data and cloud computing."
Věra Jourová, commissioner for justice, consumers and gender equality, added: "Citizens and businesses deserve modern data protection rules that keep pace with the latest technological changes.
"High data protection standards will strengthen consumers' trust in digital services, and businesses will benefit from a single set of rules across 28 countries."
The first meeting between the EC, the European Parliament and the Council of the EU will take place on 24 June with the intention of agreeing a finalised roadmap for the introduction of the new laws before the end of 2015.
The laws being welcomed by EC chiefs, but those in the corridors of power in the UK may be less thrilled, and the government and the Information Commissioner’s Office (ICO) have previously raised concerns with the proposals.
ICO deputy commissioner David Smith said that he was pleased to see the latest development, which should bring clarity to firms and individuals in Europe.
“Today’s agreement by EU member states is an important step towards data protection reform, but there is still a long way to go on this journey," he said.
“Reforming data protection law is important. The UK Data Protection Act is based on a European law that is outdated, and modernisation is needed. It’s important to get these changes right, so new legislation can stand the test of time and will be as easy as possible for people to understand.”
Mark Weston, a partner at law firm Matthew Arnold & Baldwin LLP, said that the new law is likely to arrive before the end of the year and firms should start considering its impact on their operations sooner rather than later.
“We work in a truly global economy where our operations span many jurisdictions and capture considerable amounts of what is now regarded as personal data,” he said.
“Our advice to companies is to nominate an individual to ‘own’ this directive and its implications from this early stage so that they can prepare properly, and not to be afraid of seeking external advice.”
Q3 losses reverse Q2 gains
FBI briefing US companies to dump Kaspersky, claiming intelligence prove it a 'threat to national security'
Kaspersky rejects FBI accusations that its products are a 'threat to national security'
But breached contractor says that it simply didn't have that much data
EE follows Three in threatening legal action against Ofcom - but for entirely different reasons