[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] Data protection: Commission proposes Regulation to protect


-------------------------------- CUT --------------------------------

                Data protection: Commission proposes Regulation to 
                protect data within EU institutions and bodies

                A proposal for a Regulation to protect personal data
                within European Union (EU) institutions and bodies has
                been put forward by the European Commission. The
                proposed Regulation would lay down rules to ensure a
                high level of protection for personal data processed
                by each of the Community institutions and bodies and
                establish an independent supervisory body to monitor
                application of these rules. The EU institutions are
                obliged to introduce such data protection safeguards
                by the new Article 286 of the EU Treaty (as amended by
                the Amsterdam Treaty). The proposed Regulation has to
                be adopted by the Council of Ministers and the
                European Parliament under the co-decision procedure.

                EU institutions and bodies, and the Commission in
                particular, handle personal data as part of their
                everyday work. The Commission exchanges personal data
                with Member States in implementing the common
                agricultural policy and the Structural Funds, in
                administering the customs union and in pursuing other
                EU policies. The data protection Directive (95/46/EC)
                is addressed to the Member States and does not apply
                as such to the Commission or the other EU institutions
                and bodies. When the Directive was adopted in 1995,
                the Commission and the Council made a public
                declaration undertaking to comply with it. This
                undertaking has become binding with the entry into
                force of the Amsterdam Treaty.

                The data protection rules in the proposed Regulation
                are based on the existing EU rules on data protection
                which apply to the Member States, in particular the
                Data Protection Directive 95/46/EC. However, the
                Directive itself is a framework law and it requires a
                more detailed Regulation, which is directly
                applicable, to lay down operational rules for the
                institutions. Under the proposed Regulation, personal
                data would have to be:

                     processed fairly and lawfully 
                     collected for specified, explicit and legitimate
                     purposes and not further processed in a way
                     incompatible with those purposes adequate,
                     relevant and not excessive in relation to the
                     purposes for which they were collected and/or
                     further processed accurate and, where necessary,
                     kept up to date (every reasonable step would have
                     to be taken to ensure that data which were
                     inaccurate or incomplete in relation to the
                     purposes for which they were collected or for
                     which they were further processed, were erased or
                     rectified) kept in a form which permitted
                     identification of data subjects for no longer
                     than was necessary for the purposes for which the
                     data were collected or for which they were
                     further processed. 

                Citizens would enjoy legally enforceable rights under
                the proposed Regulation, such as rights of access,
                rectification, blocking and deletion of personal data
                relating to them from the files held by each EU
                institution and body.

                The proposal would establish a European Data
                Protection Authority, which would be a new independent
                EU body, responsible for monitoring the correct
                application of the data protection rules by the EU
                institutions and bodies. It will be a body comparable
                to the data protection authorities in the Member
                States as provided in the Data Protection Directive.
                Citizens would be able to lodge complaints directly
                with the European Data Protection Authority if they
                considered their data protection rights under the
                Regulation had not been respected.

                Date: 15 July 1999
                For further details: E1@dg15.cec.be

-------------------------------- CUT --------------------------------