A major overhaul of current EU data protection rules is currently being proposed by the European Commission. In this regard, the European Commission presented in January 2012 a legislative package to improve data protection rights within the EU, ("the Data Protection Reform Package"). The Data Protection Reform Package comprises of a draft Directive and draft Regulation. The reforms are chiefly embodied in the draft Regulation.

Updated Requirements

The key proposals under the Data Protection Reform Package are:

The right to be forgotten

A person can request that their data be deleted if they no longer want it to be processed and there are no legitimate reasons for holding such data.

Explicit Consent

A company could process personal information only after obtaining clear permission from the person who could withdraw his/her consent at any time.


Profiling is defined as automated analysis of personal data to predict behaviour. This practice can only be carried out in certain limited circumstances.

Data Portability

A person would have the right to request a copy of all his/her data in electronic form to be transferred to another provider.

Clear and plain language

Data controllers should use clear, plain language adapted to the data subject.

Data Protection Officer

Companies employing at least 250 employees would be required to appoint a Data Protection Officer.

The European Parliament's Committee on Civil Liberties, Justice and Home Affairs ("LIBE") voted to adopt its position with regards to the Data Protection Reform Package. This vote sets out the European Parliament's position for its negotiations with the European Council and the European Commission (known as the "trialogue" stage). The position adopted by the European Parliament paved the way for the European Council to agree its position in December 2013 and it was originally hoped that all parties could reach agreement before May 2014 (when the European Parliament elections are due to be held). However, the European Council failed to make any progress on its agreed position with regards to the draft Regulation when it met on Friday 6 December 2013. Consequently progress has lost momentum, however it is still hoped that the text of the draft Regulation will be agreed upon in 2014 in which case it would likely come into effect in 2016. Businesses and other organisations which think they might be impacted by the Data Protection Reform Package are, therefore, advised to keep a close eye on these developments.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.