Ladies and gentlemen,

It is a great pleasure to be back at the Annual European Data Protection and Privacy conference.

We have come a long way since last year's event.

The EU data protection reform is now in its very final stage. We hope to reach agreement already within the next two weeks.

This is in particular thanks to the determined efforts of the Luxembourg Presidency of the Council. Minister Felix Braz will speak to you in a moment and tell you how he made this happen!

I will focus this morning on the changes this reform will bring and what the Commission will do to support its implementation.

From the outset, the aim of this reform has been to strengthen the fundamental rights of individuals, and at the same time to simplify the regulatory environment for businesses operating in Europe's single market. And we have stayed true to these two goals throughout the negotiations.

I am confident that the new data protection rules will benefit competitiveness and innovation in Europe.

Businesses will benefit by saving around 2.3 billion EUR per year only in terms of administrative burden and compliance costs deriving from the current fragmentation of national data protection laws. Money that they can now invest in further developing and growing their business.

The new rules will strengthen consumers' trust in the internet and in the Digital Single Market.

The new rules will create a level playing field for all companies offering goods or services online and by doing so, will boost the European digital economy.

Many companies already embracy new privacy and data security standards, because their customers demand it!

The new rules – and the sanctions in place to enforce them – will encourage others to follow this trend.

The reform also creates strong incentives for companies to invest in "privacy-by-design" and to use techniques like pseudonymisation.

And the reform provides for specific rules in the area of scientific processing.

These are important elements for "big data" analytics, which opens many new economic opportunities for Europe

The data protection reform is therefore a key enabler for the Digital Single Market.

As I said, we expect to reach agreement within the next two weeks.

Thereafter the Commission's priority will be on preparing the implementation.

During the two-year transition phase, we will inform citizens about the rights and companies about their obligations. Above all, we will work very closely with the data protection authorities – the future European Data Protection Board – to ensure a uniform application of the new rules.

Data Protection Authorities will work more closely together in the future, especially through the one-stop shop mechanism to solve cross-border data protection cases.


Ladies and Gentlemen, let me now say a few words about transatlantic data flows, following the Court ruling of 6 October in the Schrems case.

The Court ruling reaffirmed the fundamental right to data protection, including where data is transferred outside the EU.

It also confirmed the Commission's view that the old Safe Harbour arrangement had deficiencies that had to be addressed.

We have been negotiating a renewed, safer arrangement for transatlantic data transfers with our American partners since 2014.

When I was in Washington three weeks ago, I continued to work together with our U.S. partners on a renewed framework that will allow for continued data flows between Europe and the U.S.

A renewed arrangement that will mean robust safeguards for citizens and legal certainty for businesses.

I got the impression in Washington that the U.S. side shares this aim and I hope they share our sense of urgency after the judgment. We will hear more from Julie Brill about this in a moment.

When I met business and industry representatives in Brussels and Washington they emphasized that they were looking for on international data transfers following the ruling.

This is why on 6 November the Commission issued an explanatory Communication setting out the remaining transfer tools, the conditions under which they can be used and their limitations.

But, given the importance of our economic ties with the US, it is clear that we need a more comprehensive framework in place, that ensures proper protection and enforcement on both sides of the Atlantic. And this is what the Court ruling requires: where personal data travels, the protection has to travel with it.

We already managed to reach a transatlantic agreement in the area of data protection in the law enforcement area: the Umbrella Agreement.

I am therefore confident that we can build a similar bridge, with clear binding commitments and enforcement, also in the commercial field.

The Umbrella Agreement can be ratified once the US Congress adopts Judicial Redress legislation granting to Europeans the same rights that U.S. citizens and residents already enjoy under the 1974 Privacy Act.

I am pleased that the Judicial Redress Act was passed by the House and I now look forward to its adoption by the Senate. I understand the Senate Judiciary Committee will consider it later today.

I had a meeting with its Chairman in Washington and we discussed how important the Umbrella Agreement is, to ensure strong law enforcement cooperation based on mutual truest and common rules in the area of data protection.

On that note, before concluding, let me say a few words about security and the recent attacks in Paris and elsewhere.

The Paris attacks were an attack against our freedoms, our way of life, and our values of tolerance and peaceful coexistence. It is precisely these values that we will defend.

And it is precisely to increase the cooperation between law enforcement authorities,that we need to finalise the Data Protection Directive for police and criminal justice authorities.

This Directive will ensure the free flow of personal data necessary to investigate and prevent crime and terrorism, based on common rules on the protection of personal data.

Let me be clear: this does not limit the effectiveness of law enforcement. On the contrary, it gives them more clarity and legal certainty when exchanging data cross-border. And the rules serve to protect not only the personal data of suspects but of victims and witnesses.

As Justice Commissioner, I am also doing my part to actively promote , and to fight discrimination in our societies. In October, we held a high-level event on fighting both anti-Semitism and anti-Muslim hatred.

And with European Justice Ministers, we also agreed to do more to prevent the of young people in some of our prisons - and to do it jointly.

And last week we set up a round table with industry players to take hate speech off the internet. In Europe, there must be no place for hate, whether online or offline.

Ladies and gentlemen,

I wish you fruitful discussions on data protection today. This will continue to be an important priority for the Commission after the finalisation of the reform, when we turn to its practical implementation, in partnership with data protection authorities and with the business community.