The European Union has agreed to a new General Data Protection Regulation regime.
It establishes data privacy as a fundamental right and does so by strengthening the existing rights and providing more consumer control over data, including:
1. "Easier access to your own data: individuals will have more information on how their data is processed and this information should be available in a clear and understandable way;
2. "A right to data portability: it will be easier to transfer your personal data between service providers;
3. "A clarified 'right to be forgotten': when you no longer want your data to be processed, and provided that there are no legitimate grounds for retaining it, the data will be deleted;
4. "The right to know when your data has been hacked: For example, companies and organizations must notify the national supervisory authority of serious data breaches as soon as possible so that users can take appropriate measures."
The reforms were proposed in 2012, but it has taken until now for the European Parliament and European Council to negotiate final rules, which will take effect two years after formal passage in early 2016.
When they do take effect, companies providing services to Europe must comply per a "European rules on European soil" provision.
Businesses, including thousands from the U.S, that provide relevant services to Europe, will have only a single supervisory authority and set of rules to deal with, which EU predicts will save €2.3 billion per year (or $3.45 billion).
The rules also take a risk-based approach, says the EU, that tailors the rules to the risks. It also bakes data protection safeguards in products and services "from the earliest stage of development (Data protection by design). Privacy-friendly techniques such as pseudonomysation will be encouraged, to reap the benefits of big data innovation while protecting privacy."
"As new technologies and business models emerge in our interconnected world, strong regulations and protections of the individual's personal information become even more important," said Katharina Kopp, director of CDT's Privacy and Data Project.
But CDT is concerned about how the how provision on the right to "Be Forgotten," as well as international data transfers will be interpreted.