On May 19 and 20 the European Commission held a conference which was perhaps the most important data protection event in Brussels since the Commission conference on evaluation of the EU Data Protection Directive 95/46/EC held in 2002. The conference was part of the Commission’s current evaluation of the Directive, and was designed to explore both the current status of data protection in the EU and where it is headed in the coming years. Speakers included Jacques Barrot, the European Commissioner in charge of justice, freedom and security; Alex Türk, chairman of the CNIL (French Data Protection Authority) and the Article 29 Working Party; European Data Protection Supervisor Peter Hustinx; and representatives of European academia, business and non-governmental organizations.
Several major themes emerged from the conference:
- While many are calling for amendment of the Directive in areas such as notifications to data protection authorities and international data transfers, there is little consensus on what those changes should be, or how far they should go. There is also apprehension that attempts to amend the Directive may lead to unforeseen changes that could worsen the current situation. These fears may act as a kind of inertia, lessening the likelihood that the Directive will be amended.
- Several data protection authorities made the point that they are now putting much greater effort into enforcement than they were in the past, and that they are finally being given greater enforcement powers. Thus, companies need to be aware that the data protection enforcement risk in Europe is increasing.
- There is great interest in the increased harmonization of data protection rules, including on a global basis. The Spanish Data Protection Authority is currently leading an initiative to draft global data protection standards, with the possible goal of having the UN adopt a global convention on data protection. Additional information about that initiative is available here.
The conference will be followed by an “open consultation,” which will likely take the form of the European Commission requesting that interested parties submit papers on various data protection topics. The Commission is also currently preparing a legal study on Member States’ implementation of the Directive, and will make proposals on possible amendments in 2010. Possible changes to the Directive will also be influenced by whether the EU’s Lisbon Treaty comes into effect early next year. In any event, the next two years will be crucial to determining the EU’s future legal framework for data protection.