Action 12: Review the EU data protection rules

What is the problem? Data protection rules vary and are difficult to understand

EU citizens have the right to the protection of their personal data and of their privacy in the online world. However, these rights are encoded in many different laws and are not always easy to grasp, while national approaches to data protection rules can vary widely across the EU.

Why is EU action needed? Lack of trust means less online business

This lack of clarity in online privacy rules triggers a lack of trust among consumers, which slows down the growth of Europe's online economy. Worries about payment security privacy concerns and trust were some of the top reasons for not making online purchases in a survey of people who did not shop online in 2009. Recent surveys and independent studies confirm that privacy concerns continue to grow among the public.

What has the Commission done so far and what are the next steps?

The European Commission (DG JUST in lead) has reviewed the existing EU data protection framework. On 25 January 2012 the Commission proposed a data protection Regulation with the aim of modernizing the legal framework and enhancing the trust and confidence of European consumers.

In 2010 & 2011:

  • The Commission consulted the public and stakeholders, adopted a Commission Communication on renewing the EU data protection rules.

In 2012:

  • The Commission adopted a data protection Regulation to strengthen online privacy rights and boost Europe's digital economy.
  • The Commission is currently working with the Parliament and Council towards final adoption of the Regulation.