Progress on EU data privacy reform: “irreversible”

Today, the European Parliament voted through the new EU Data Protection reform package (621 in favour of the new Regulation and 10 against with 22 abstentions). It’s a clear endorsement of the proposals.  The EU press release says this reform is “a necessity” and is now “irreversible”.

Viviane Reding (the EU Justice Commissioner) said that strong data protection is Europe’s trade mark. She also referred to the US data spying scandals as indicating that data protection is more than ever a competitive advantage.


  • MEPs increased the fines to be imposed on firms that break the rules to up to Euro 100 million or 5% of annual worldwide turnover (increased from Euros 1 million / 2% of annual worldwide turnover)
  • Data exports to be only permitted with prior authorisation
  • Rights to have data erased, limits on profiling and plain language privacy policies will be the norm
  • The Principle of Accountability underpins the whole proposal: so the focus on governance, policies, procedures, audits and appointing a Chief Privacy Officer / Data Protection Officer is key

Next steps

The European Parliament will not change its position even if the composition of the Parliament changes after the EU elections in May. The Parliament will now negotiate with the Council (representing the 28 EU member state governments).  So far the Council has said it broadly supports the proposals but the detail is yet to be confirmed and, we we blogged last week, they recognise that there is still work to be done.


The fact that the Council has yet to define its position means that this is not yet final. Expect more negotiations on this when the Justice Ministers meet in June.

Viviane Reding says this is about strengthening protection for citizens and making life easier for business. Many will take issue with the second part of that statement.

Interesting, there was less Parliamentary support for the new Data Protection Directive regulating privacy issues in relation to law enforcement bodies (this sits separately from the proposed general Regulation). However, this was also voted through even if less decisively (371 in favour, 276 against with 30 abstentions).

Subscribe and stay updated
Receive our latest blog posts by email.
Nick Graham

About Nick Graham

Nick Graham is the Global Co-Chair of Dentons' Privacy and Cybersecurity Group. He specialises in data privacy, cybersecurity, information governance. Nick advises across all sectors including retail, telecoms, energy, manufacturing, banking, insurance, transport, technology and digital media.

Full bio