In 2015, a number of high-profile media and political events and several legal cases raised questions about personal data protection in the European Union. 2016 looks to be a pivotal year for reforms in personal data protection, including issues related to recent matters.

The following developments are anticipated:

  • The General Data Protection Regulation will form the centerpiece of the new legislative framework on data protection for private individuals. Of direct applicability and unitary implementation, it should be adopted in early 2016 and will reinforce data protection rules and sanctions;
  • A new Data Protection Directive for Police and Judicial Cooperation in Criminal Matters should also see the light of day. It will aim to reinforce data protection safety in the context of crime prevention information exchanged between law enforcement agencies of both member states and non-EU members;
  • A new agreement is expected between the EU and the US to remedy the invalidation of the Commission’s Safe Harbor decision by the Court of Justice of the European Union (CJEU) in its ruling issued on October 6, 2015 (C-362/14). Currently under negotiation, the new agreement will provide a clear legal basis for data transfers to the U.S. and more controlled enforcement measures.

Besides these projects, other initiatives expected to be advanced include:

  • A new Data Retention Directive will replace the previous one, invalidated by the CJEU on April 8, 2014 (C-293/12 and C-594/12). This instrument will largely harmonize the general data retention obligations imposed by EU member states to telecommunications operators for crime and terrorism prevention;
  • A new agreement will establish enhanced cooperation for air passenger data collection and exchange between both member states and non-EU members (Passenger Name Record);
  • A Cyber Security Directive will provide harmonized principles in the matter of general IT security;
  • The E-Privacy Directive of 12 July 2002 (2002/58/EC), which establishes specific rules tailored to the protection of one’s private life on the Internet, will be revised.

The European political objectives are clear: adapt the data protection legal framework to the new digital economy environment but, at the same time, introduce new instruments to fight criminal activities (Directive for Police and Judicial Cooperation in Criminal Matters, Data Retention Directive, Passenger Name Record and Cyber Security Directive).

For more information on the aforementioned cases and reforms, please also refer to the following prior Password Protected blog posts:

EU Happy Holiday Present: The GDPR

CJEU Declares the EU Commission Safe Harbor Decision Invalid

The Court of Justice of the EU Declares Invalid the Data Retention Directive 2006/24