- •Ministry of science and education of ukraine ukrainian state university of finance and
- •International trade
- •Introduction
- •Chapter 1 legal framework
- •1.1. Directives
- •Regulation
- •Definitions
- •Fundamental Principles Governing Personal Data Processing
- •Grounds for Processing of Personal Data
- •Processing of Special Categories of Data
- •Exemptions
- •Rights of Data Subjects
- •Data Collection by Smartphone Applications
- •Transfer of Personal Data to Third Countries Outside the eu
- •Chapter 2 pending reforms
- •2.1. Definitions and Basic Principles
- •2.2. Processing of Special Categories of Data
- •2.3. Processing of Health Data
- •Chapter 3 role of data protection authorities
- •3.1. Eu Level: European Data Protection Supervisor
- •3.2. Member States
- •Designation of Data Protection Officers
- •Summary
- •List of sources
Chapter 2 pending reforms
Since 1995, when the EU put in place fundamental rules on personal data protection, technology and globalization have drastically affected the processing of personal data. Social networks altered the methods of sharing information and the advent of cloud computing, by which more data is stored on remote servers rather than personal computers, poses new challenges. At the same time, the 1995 Data Protection Directive did not achieve the anticipated level of harmonization of data protection rules in the EU. Meanwhile, according to estimates, 250 million people are daily users of the Internet in Europe [13], and European citizens are becoming increasingly aware of risks to their privacy and personal data posed by online activities. The Commission's 2010 Communication, A Comprehensive Approach on Personal Data Protection in the European Union, emphasized that the EU “needs a more comprehensive and coherent policy on the fundamental right to personal data protection”. The Commission's efforts have garnered support from the Parliament and the Justice and Home Affairs Council of the EU. The latter, in its February 2011 conclusions, agreed with a number of the proposed changes [14].
On January 25, 2012, the European Commission published its proposal for the reform of EU legislation on data protection. The twin objectives of the proposal remain the same as that of the Data Protection Directive. The pending reform is designed to meet the challenges posed by contemporary Internet developments and to safeguard personal data irrespective of future changes in technology and the digital environment.
The Commission's reform package contains two legislative pieces: (a) a draft regulation on the Processing of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation), and (b) a Directive on the Protection of Individuals with Regard to the Processing of Personal Data by Competent Authorities for Criminal Offenses. The Commission opted for a regulation because of its direct applicability in the legal order of the EU Member States and because, once it is enforced, it will result in greater legal certainty and improve the protection of personal data of individuals. The draft regulation is based on the new legal basis established by article 16 of the TFEU, and once adopted by the Council and the Parliament it will repeal the Data Protection Directive.
In its March 2012 Opinion on the Data Protection Reform Proposals, the Article 29 Data Working Party endorsed certain proposals contained in the draft regulation that are designed to improve data subjects' rights, enhance the responsibility of controllers, and strengthen the position of supervisory authorities at the national and international levels. However, it criticized the introduction of a separate Directive to protect personal data in the area of police and criminal justice because of its potential to result in less consistency and less protection of data subjects. Moreover, it opined that the provisions of the Directive need to be aligned with those of the Regulation, so that personal data are well safeguarded. The Data Protection Working Party expressed its regret that neither instrument deals with the issue of the collection and transfer of data by private parties or non-law enforcement public authorities for law enforcement purposes. It also expressed its reservations regarding the Commission's authority, granted by the draft regulation, to adopt delegated and implementing acts to fully implement the regulation.