On 15 December 2015, the European Union Parliament, the European Union Council and the European Union Commission reached an agreement on the new data protection rules, establishing a modern and harmonized data protection framework across the European Union (EU) with relevance to third world countries. The political support offered to these new rules by the competent EU Institutions was widely approved as the innovative framework will also serve the purpose of enhancing and supporting the EU.
On 27 April 2016, the European Parliament and Council adopted the (universally known as “ ”). On the same day, both institutions also adopted the . On 4 May 2016, the official texts of this Regulation and this directive have been published in the EU Official Journal in all the official languages. While the entered into force on 24 May 2016, and started to be effective the . The entered into force on 5 May 2016 and EU Member States transposed it into their national law by .
The is celebrated as an essential step to strengthen EU citizens’ fundamental rights in the digital age and facilitate business by simplifying rules for companies in the Digital Single Market. For instance, it aims to simplify and clarify the current fragmentation and costly administrative burdens. The EU Commission has calculated that this simplification will lead to savings for businesses of around €2.3 billion a year. The directive for the police and criminal justice sector, instead, aims to protect EU citizens’ fundamental rights to data protection whenever personal data is used by criminal law enforcement authorities. It wants to ensure that the personal data of victims, witnesses, and suspects of crimes are duly protected. The directive aims also to further facilitate cross-border cooperation of competent bodies in the fight against crime and terrorism.
The EU Commission will be responsible to adopt decisions on the adequacy of the protection of personal data in third world countries, when related to the transfer of EU citizens’ data to such countries. In fact, the European Council and the European Parliament have given the EU Commission the power to determine, on the basis of Art. 25(6) of whether
The adoption of a (comitology) Commission decision based on Art. 25.6 of the Directive involves:
- A from the Commission
- An ” in the framework of the “<
- An comitology “examination procedure”, under the
- The by the College of Commissioners;
- At any time, the and the European may request the Commission to the adequacy decision claiming its act exceeds the implementing powers provided for in the directive.
The effect of such a decision of the Commission is that personal data can flow from the 28 EU countries and three EEA member countries (Norway, Liechtenstein and Iceland) to third world countries without any further necessary safeguards.
The Commission has so far recognized as providing adequate protection.
All information contained in this page is of official source, accessible at the European Commission