Category Archives: Data Protection Copyright and Related Rights

The protection of personal data is governed by Directive 95/46/EC, which aims to establish a balance between a high level of protection of privacy and the free flow of personal data within the European Union (EU). The Commission is working to modernise the current framework in order to mount a better response to the new challenges posed by globalisation and new technologies.

European legislation on copyright and related rights is part of the rules introduced by the World Intellectual Property Organisation (WIPO). This legislation has two aims. They are to protect the economic interests of the authors of artworks such as books, films and musical works, but also to establish databases without hampering creativity and innovation.

Information Society

Information Society

Information Society Contents

  • Current general legal framework: Regulatory framework. Competition.
  • Digital Strategy, i2010 Strategy, eEurope Action Plan, Digital Strategy Programmes: Digital Strategy. I2010 Strategy and eEurope Action Plans. Programmes.
  • Internet, Online activities and ICT standards: Internet and Online activities. Fight against illegal online activities. Network security and information system. Coordination and standardisation.
  • Data protection, copyright and related rights: Data protection. Copyright and related rights in the information society.
  • Radiofrequencies: Mobile communications. Radio spectrum.
  • Interaction of the information society with certain policies: The use of ITC for road safety. The use of ITC for electronic commerce. The use of ITC for payment systems. The use of ITC for research. The use of ITC for public health.
  • Enlargement: Ongoing enlargement. Enlargement of January 2007. Enlargement of May 2004.

See also

Overviews of European Union: Information technology.
Further information: Communications Networks, Contents and Technology Directorate-General of the European Commission.

Data protection by Community institutions and bodies

Data protection by Community institutions and bodies

Outline of the Community (European Union) legislation about Data protection by Community institutions and bodies

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Information society > Data protection copyright and related rights

Data protection by Community institutions and bodies

Document or Iniciative

Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the institutions and bodies of the Community and on the free movement of such data.

Summary

This Regulation contains provisions aiming to protectpersonal data processed by European Union (EU) institutions and bodies.

These provisions aim to ensure a high level of protection for personal data managed by Community institutions and bodies. In particular, such data have to be:

  • processed fairly and lawfully;
  • collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes;
  • adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed;
  • accurate and, where necessary, kept up to date (all reasonable steps should be taken to ensure that data which are inaccurate or incomplete in relation to the purposes for which they are collected or for which they are further processed, are erased or rectified);
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data are collected or for which they are further processed.

This Regulation also provides for the establishment of a “European Data Protection Authority”, an independent Community authority responsible for monitoring the correct application of the data protection rules by the EU institutions and bodies. This authority will be comparable to the data protection authorities established by Member States in accordance with Directive 95/46/EC on data protection. Citizens will thus be able to lodge complaints directly with that authority if they consider their data protection rights under the Regulation have not been respected.

Each Community institution and body shall appoint at least one person as Data Protection Officer with the task of cooperating with the Data Protection Supervisor and ensuring that the rights and freedoms of the data subjects are unlikely to be adversely affected by the data processing.

Citizens enjoy legally enforceable rights under the Regulation, such as the right to access, rectify, block or delete personal data relating to them in files held by the Community institutions and bodies.

Background

The data protection methods in this Regulation are based on the provisions of Directive 95/46/EC.

References

Act Entry into force Deadline for transposition in the Member States Official Journal

Regulation (EC) No 45/2001

1.2.2001 OJ L 8 of 12.1.2001

Related Acts

Commission Decision 2008/597/EC of 3 June 2008 adopting implementing rules concerning the Data Protection Officer pursuant to Article 24(8) of Regulation (EC) No 45/2001 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data [Official Journal L 193 of 22.7.2008].

This Decision defines the rules and procedures for implementation of the function of Data Protection Officer within the Commission (appointment, status, duties, powers, etc.).

website.

This summary is for information only. It is not designed to interpret or replace the reference document, which remains the only binding legal text.

Orphan works

Orphan works

Outline of the Community (European Union) legislation about Orphan works

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Internal market > Businesses in the internal market > Intellectual property

Orphan works

Proposal

Proposal for a Directive of the European Parliament and of the Council of 24 May 2011 on certain permitted uses of orphan works [COM(2011) 289 final – Not published in the Official Journal].

Summary

This Proposal establishes a legal framework concerning orphan works * taking the form of:

  • books, journals, newspapers, magazines or other writings;
  • cinematographic or audiovisual works contained in the collections of film heritage institutions;
  • cinematographic, audio or audiovisual works belonging to the archives of public service broadcasting organisations.

It applies to all works which are protected by the Member States’ legislation in the field of copyright.

This Proposal defines the conditions governing the use of orphan works by:

  • publicly accessible libraries;
  • publicly accessible educational establishments;
  • publicly accessible museums;
  • archives;
  • film heritage institutions;
  • public service broadcasting organisations.

What are the parameters for identifying an orphan work?

The organisations referred to above are required to carry out a diligent search to identify and locate the copyright holder of a work through appropriate sources. These sources are determined by Member States, in consultation with rightholders and users. In particular, they may take the form of:

  • legal deposits;
  • databases of the relevant collecting societies;
  • indexes and catalogues from library holdings and collections;
  • publishers associations in the respective country.

The results of diligent searches must be recorded in a publicly accessible database.

Where the rightholders are not identified or located following a diligent search, a work is considered an orphan work and is recognised as such in all other Member States. The copyright holder nevertheless has the possibility of putting an end to the orphan status at any time.

What types of uses of orphan works are permitted?

Publicly accessible libraries, educational establishments and museums, archives, film heritage institutions and public service broadcasting organisations are obliged to use orphan works for a public interest purpose which includes activities such as:

  • the preservation and restoration of the works contained in their collection;
  • the provision of cultural and educational access to those works.

Organisations are obliged to maintain records of diligent searches carried out and publicly accessible records of their use of orphan works.

However, these organisations may be authorised by Member States to use an orphan work for a purpose other than that of the public interest, provided they remunerate rightholders who put an end to the work’s orphan status.

Context

This Proposal follows the Recommendation on the online digitisation of cultural heritage published in 2006 which invited Member States to equip themselves with legislation on orphan works, an invitation that few of them took up. It is also in line with the objectives of the Digital Agenda for Europe.

Key terms of the Act
  • Orphan work: a work whose rightholder has not been identified or, even if identified, has not been located after a diligent search for the rightholder has been carried out and recorded.

Reference

Proposal Official Journal Procedure

COM(2011) 289

2011/0136/COD


Another Normative about Orphan works

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic

Information society > Data protection copyright and related rights

Orphan works

Proposal

Proposal for a Directive of the European Parliament and of the Council of 24 May 2011 on certain permitted uses of orphan works [COM(2011) 289 final – Not published in the Official Journal].

Summary

This Proposal establishes a legal framework concerning orphan works
* taking the form of:

  • books, journals, newspapers, magazines or other writings;
  • cinematographic or audiovisual works contained in the collections of film heritage institutions;
  • cinematographic, audio or audiovisual works belonging to the archives of public service broadcasting organisations.

It applies to all works which are protected by the Member States’ legislation in the field of copyright.

This Proposal defines the conditions governing the use of orphan works by:

  • publicly accessible libraries;
  • publicly accessible educational establishments;
  • publicly accessible museums;
  • archives;
  • film heritage institutions;
  • public service broadcasting organisations.

What are the parameters for identifying an orphan work?

The organisations referred to above are required to carry out a diligent search to identify and locate the copyright holder of a work through appropriate sources. These sources are determined by Member States, in consultation with rightholders and users. In particular, they may take the form of:

  • legal deposits;
  • databases of the relevant collecting societies;
  • indexes and catalogues from library holdings and collections;
  • publishers associations in the respective country.

The results of diligent searches must be recorded in a publicly accessible database.

Where the rightholders are not identified or located following a diligent search, a work is considered an orphan work and is recognised as such in all other Member States. The copyright holder nevertheless has the possibility of putting an end to the orphan status at any time.

What types of uses of orphan works are permitted?

Publicly accessible libraries, educational establishments and museums, archives, film heritage institutions and public service broadcasting organisations are obliged to use orphan works for a public interest purpose which includes activities such as:

  • the preservation and restoration of the works contained in their collection;
  • the provision of cultural and educational access to those works.

Organisations are obliged to maintain records of diligent searches carried out and publicly accessible records of their use of orphan works.

However, these organisations may be authorised by Member States to use an orphan work for a purpose other than that of the public interest, provided they remunerate rightholders who put an end to the work’s orphan status.

Context

This Proposal follows the Recommendation on the online digitisation of cultural heritage published in 2006 which invited Member States to equip themselves with legislation on orphan works, an invitation that few of them took up. It is also in line with the objectives of the Digital Agenda for Europe.

Key terms of the Act
  • Orphan work: a work whose rightholder has not been identified or, even if identified, has not been located after a diligent search for the rightholder has been carried out and recorded.

Reference

Proposal Official Journal Procedure

COM(2011) 289

2011/0136/COD

Personal data protection: a new strategy

Personal data protection: a new strategy

Outline of the Community (European Union) legislation about Personal data protection: a new strategy

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Information society > Data protection copyright and related rights

Personal data protection: a new strategy

Document or Iniciative

Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions of 4 November 2010 – A comprehensive approach on personal data protection in the European Union [COM(2010) 609 final – Not published in the Official Journal].

Summary

Personal data comprises all information relating to an identified or identifiable person, either directly or indirectly.

This Communication proposes a new strategy for protecting personal data. It aims to revise the current legislative framework, specifically the Directive relating to the protection of personal data and the Directive relating to data protection in the electronic communications sector. As part of this revision, the Communication sets several objectives.

Objective 1: strengthening individuals’ rights

The right to personal data protection is a principle that follows from the Charter of Fundamental Rights of the European Union (EU). In order to protect this right, the European Commission wishes to develop a legal framework which takes into account the rapid growth of new technologies and social networks, in particular.

The Commission is considering introducing a general principle of transparent processing of personal data. To this end, it plans to draw up one or more EU standard forms of privacy information notices, and to implement a general obligation to notify personal data breaches.

It is also essential that individuals can exercise better control over their data, particularly when sending them online. To this end, the Commission wishes to improve the modalities for:

  • the right of access;
  • rectification;
  • erasure or blocking of data;
  • the ‘right to be forgotten’.

Objective 2: enhancing the internal market

There are currently divergences in how the Member States apply the Directive on the protection of personal data. The Commission therefore wishes to enhance the harmonisation of data protection rules at EU level.

Furthermore, still within the context of enhancing the internal market, the Commission also intends to reduce the administrative burden that data protection represents for enterprises. It therefore plans to harmonise the current notification system and to draw up a uniform EU-wide registration form. At the same time, certain modalities related to data processing must be more clearly defined through:

  • the appointment of an independent Data Protection Officer;
  • a data protection impact assessment;
  • promoting the use of Privacy Enhancing Technologies (PETs).

Objective 3: revising the data protection rules in the area of police and judicial cooperation

In the Stockholm Programme the Commission highlighted the need to have a comprehensive protection scheme. Currently, Framework Decision 2008/977/JHA establishes cooperation in criminal matters relating to personal data protection which applies only to the exchange of data between EU countries. The Commission is considering extending, in the future, the application of these rules to data exchanged at national level.

Objective 4: developing international data protection

Personal data from third countries can circulate through Member States if the Commission considers that the level of data protection guaranteed by a third country is adequate. However, the criteria which enable the level of protection to be determined have not yet been clearly defined. The current procedures for international data transfers therefore need to be defined, as do the legal instruments applicable in this field.

Furthermore, the Commission wishes to harmonise the clauses relating to personal data protection contained in the international agreements concluded by the EU with third countries. In this regard, the Commission plans to enhance its cooperation with third countries and follow up the development of international technical standards.

Objective 5: strengthening the institutional arrangement

The Commission wishes to strengthen the role and powers of the authorities responsible for data protection. They should benefit from the status of ‘complete independence’. It is also crucial that they improve their cooperation and coordination.

Furthermore, the Article 29 Working Party shall also contribute towards improving the activities of the national authorities by ensuring a more consistent application of the European data protection rules.

Context

A review of the current legal framework for data protection was launched during a conference in May 2009, followed by a public consultation. Following the consultation, the Commission shall present new legislative proposals in 2011.

This summary is for information only. It is not designed to interpret or replace the reference document, which remains the only binding legal text.

Protection of personal data

Protection of personal data

Outline of the Community (European Union) legislation about Protection of personal data

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Information society > Data protection copyright and related rights

Protection of personal data

Document or Iniciative

European Parliament and Council Directive 95/46/EC of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data [Official Journal L 281 of 23.11.1995] [See amending acts].

Summary

This Directive applies to data processed by automated means (e.g. a computer database of customers) and data contained in or intended to be part of non automated filing systems (traditional paper files).

It does not apply to the processing of data:

  • by a natural person in the course of purely personal or household activities;
  • in the course of an activity which falls outside the scope of Community law, such as operations concerning public security, defence or State security.

The Directive aims to protect the rights and freedoms of persons with respect to the processing of personal data by laying down guidelines determining when this processing is lawful. The guidelines relate to:

  • the quality of the data: personal data must be processed fairly and lawfully, and collected for specified, explicit and legitimate purposes. They must also be accurate and, where necessary, kept up to date;
  • the legitimacy of data processing: personal data may be processed only if the data subject has unambiguously given his/her consent or processing is necessary:
    1. for the performance of a contract to which the data subject is party or;
    2. for compliance with a legal obligation to which the controller is subject or;
    3. in order to protect the vital interests of the data subject or;
    4. for the performance of a task carried out in the public interest or;
    5. for the purposes of the legitimate interests pursued by the controller;
  • special categories of processing: it is forbidden to process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life. This provision comes with certain qualifications concerning, for example, cases where processing is necessary to protect the vital interests of the data subject or for the purposes of preventive medicine and medical diagnosis;
  • information to be given to the data subject: the controller must provide the data subject from whom data are collected with certain information relating to himself/herself (the identity of the controller, the purposes of the processing, recipients of the data etc.);
  • the data subject’s right of access to data: every data subject should have the right to obtain from the controller:
    1. confirmation as to whether or not data relating to him/her are being processed and communication of the data undergoing processing;
    2. the rectification, erasure or blocking of data the processing of which does not comply with the provisions of this Directive in particular, either because of the incomplete or inaccurate nature of the data, and the notification of these changes to third parties to whom the data have been disclosed.
  • exemptions and restrictions: the scope of the principles relating to the quality of the data, information to be given to the data subject, right of access and the publicising of processing may be restricted in order to safeguard aspects such as national security, defence, public security, the prosecution of criminal offences, an important economic or financial interest of a Member State or of the European Union or the protection of the data subject;
  • the right to object to the processing of data: the data subject should have the right to object, on legitimate grounds, to the processing of data relating to him/her. He/she should also have the right to object, on request and free of charge, to the processing of personal data that the controller anticipates being processed for the purposes of direct marketing. He/she should finally be informed before personal data are disclosed to third parties for the purposes of direct marketing, and be expressly offered the right to object to such disclosures;
  • the confidentiality and security of processing: any person acting under the authority of the controller or of the processor, including the processor himself, who has access to personal data must not process them except on instructions from the controller. In addition, the controller must implement appropriate measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access;
  • the notification of processing to a supervisory authority: the controller must notify the national supervisory authority before carrying out any processing operation. Prior checks to determine specific risks to the rights and freedoms of data subjects are to be carried out by the supervisory authority following receipt of the notification. Measures are to be taken to ensure that processing operations are publicised and the supervisory authorities must keep a register of the processing operations notified.

Every person shall have the right to a judicial remedy for any breach of the rights guaranteed him by the national law applicable to the processing in question. In addition, any person who has suffered damage as a result of the unlawful processing of their personal data is entitled to receive compensation for the damage suffered.

Transfers of personal data from a Member State to a third country with an adequate level of protection are authorised. However, they may not be made to a third country which does not ensure this level of protection, except in the cases of the derogations listed.

The Directive aims to encourage the drawing up of national and Community codes of conduct intended to contribute to the proper implementation of the national and Community provisions.

Each Member State is to provide one or more independent public authorities responsible for monitoring the application within its territory of the provisions adopted by the Member States pursuant to the Directive.

A Working Party on the Protection of Individuals with regard to the Processing of Personal Data is set up, composed of representatives of the national supervisory authorities, representatives of the supervisory authorities of the Community institutions and bodies, and a representative of the Commission.

References

Act Entry into force Deadline for transposition in the Member States Official Journal
Directive 95/46/EC

13.12.1995

24.10.1998

OJ L 281 of 23.11.1995

Amending act(s) Entry into force Deadline for transposition in the Member States Official Journal
Regulation (EC) No 1882/2003

20.11.2003

OJ L 284 of 31.10.2003

Successive amendments and corrections to Directive 95/46/EC have been incorporated in the basic text. This consolidated versionis for reference purpose only.

Related Acts

IMPLEMENTATION REPORT

Communication from the Commission to the European Parliament and the Council on the follow-up of the Work Programme for better implementation of the Data Protection Directive [COMM(2007) 87 final – Not published in the Official Journal].

This Communication examines the work done under the Work Programme for improved implementation of the Directive on data protection contained in the First report on the implementation of Directive 95/46/EC. The Commission highlights the fact that this has improved, has all Member States have now transposed the Directive. It emphasises that the Directive should not undergo any amendments at present.

It also notes that:

  • it will continue in its cooperation with the Member States and, if necessary, will launch official infringement proceedings;
  • it will prepare an interpretative communication regarding certain provisions in the Directive;
  • it will continue its implementation of the Work Programme
  • it will present EU-level sectoral legislation if there are major technological developments in a specific area;
  • it will continue cooperating with its external partners, in particular the US.

Report from the Commission of 15 May 2003 [COM(2003) 265 final – Not published in the Official Journal]
First report on the implementation of the Data Protection Directive (95/46/EC)


The report takes stock of the consultations carried out by the Commission to evaluate Directive 95/46/EC with governments, institutions, business and consumer associations, and individual citizens. The results of the consultations show that few contributors advocated a revision of the Directive. Furthermore, after consulting the Member States, the Commission noted the fact that a majority of them and, also, of the national supervisory authorities, did not consider it necessary to amend the Directive at present.

Despite the delays and gaps in implementation, the Directive has fulfilled its principal objective of removing barriers to the free movement of personal data between the Member States. The Commission also believes that the objective of ensuring a high level of protection in the Community has been achieved since the Directive has set out some of the highest standards of data protection in the world.

Other Internal Market policy objectives have, however, been less well served. The divergences in data protection legislation are still too great between Member States, and these disparities prevent multinational organisations from developing pan-European policies on data protection. The Commission will therefore do what is required to remedy this situation whilst hoping, wherever possible, that it will not be necessary to proceed by way of formal action.

With regard to the general level of compliance with data protection law in the EU, there are three main problems:

  • an under-resourced enforcement effort;
  • very patchy compliance by data controllers;
  • an apparently low level of knowledge of their rights among data subjects, which may be at the root of the previous phenomenon.

In order to ensure the better implementation of the Data Protection Directive, the Commission has adopted a work programme comprising a number of actions which need to be taken between the adoption of this report and the end of 2004. These actions are made up of the following initiatives:

  • discussions with Member States and data protection authorities on the changes needed to bring national legislation fully in line with the requirements of the Directive;
  • association of the candidate countries with efforts to achieve a better and more uniform implementation of the Directive;
  • improving the notification of all legal acts transposing the Directive;
  • simplification of the conditions for international transfers of data;
  • promotion of privacy enhancing technologies;
  • promotion of self-regulation and European Codes of Conducts.

PRIVACY AND ELECTRONIC COMMUNICATIONS DIRECTIVE

Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) [Official Journal L 201 of 31.07.2002]

This Directive was adopted in 2002 at the same time as a new legislative framework designed to regulate the electronic communications sector. It contains provisions on a number of more or less sensitive topics, such as the Member States keeping connection data for the purposes of police surveillance (the retention of data), the sending of unsolicited e-mail, the use of cookies and the inclusion of personal data in public directories.

STANDARD CONTRACTUAL CLAUSES FOR THE TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

Commission Decision 2004/915/EC of 27 December 2004 amending Decision 2001/497/EC as regards the introduction of an alternative set of standard contractual clauses for the transfer of personal data to third countries [Official Journal L 385 of 29.12.2004]

The European Commission has approved new standard contractual clauses which businesses can use to ensure adequate safeguards when personal data are transferred from the EU to third countries. These new clauses will be added to those which already exist under the Commission Decision of June 2001 (see below).

Commission Decision 2001/497/EC of 15 June 2001 on standard contractual clauses for the transfer of personal data to third countries under Directive 95/46/EC [Official Journal L 181 of 04.07.2001]

This Decision sets out standard contractual clauses to ensure an adequate level of protection of personal data transferred from the EU to third countries. The Decision requires Member States to recognise that companies or bodies which use these standard clauses in contracts relating to the transfer of personal data to third countries ensure an “adequate level of protection” of the data.

PROTECTION OF DATA BY THE COMMUNITY INSTITUTIONS AND BODIES

Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data [Official Journal L8 of 12.01.2001].

This Regulation aims at ensuring the protection of personal data within the institutions and bodies of the European Union. To this end:

  • it includes provisions which guarantee a high level of protection of personal data processed by the Community institutions and bodies; and
  • it provides for the establishment of an independent supervisory body to monitor the application of these provisions.

Promoting data protection by privacy-enhancing technologies

Promoting data protection by privacy-enhancing technologies

Outline of the Community (European Union) legislation about Promoting data protection by privacy-enhancing technologies

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Information society > Data protection copyright and related rights

Promoting data protection by privacy-enhancing technologies

Document or Iniciative

Communication from the Commission to the European Parliament and the Council on promoting data protection by privacy-enhancing technologies [COM(2007) 228 final – Not published in the Official Journal].

Summary

The Commission considers that privacy-enhancing technologies (PETs) should be developed and more widely used, in particular where personal data are processed through information and communication technology (ICT) networks. It considers that wider use of these technologies would improve the protection of privacy.

In its Communication on a strategy for a secure Information Society, it invites the private sector to “stimulate the deployment of security-enhancing products, processes and services to prevent and fight ID theft and other privacy-intrusive attacks”. Furthermore, in its Roadmap for a pan-European eIDM Framework by 2010, it indicates that one of the key principles governing electronic identity management is that “the system must be secure, implement the necessary safeguards to protect the user’s privacy, and allow its usage to be aligned with local interest and sensitivities”.

The purpose of this Communication, which follows on from the Communication on a strategy for a secure Information Society, the Roadmap for a pan-European eIDM Framework by 2010 and the First Report on the implementation of the Data Protection Directive, is to define the objectives so as to achieve better protection of privacy and to determine clear actions so as to achieve these goals by supporting the development of PETs and their use by data controllers and consumers.

First objective: to support the development of PETs

If PETs are to be widely used, there needs to be further design, development and manufacturing of PETs. Although these activities are already undertaken to a certain degree by the public and private sectors, the Commission considers that they should be stepped up. With this aim in mind, the need for PETs and their technological requirements should be identified and RTD activities should develop the tools. Finally, the Commission will encourage stakeholders to meet and discuss these technologies.

As the need for and technological requirements of PETs are identified, concrete action has to be taken to arrive at an end-product ready to use. In the future, under the 7th Framework Programme, the Commission intends to support other research and technological development (RTD) projects and large-scale pilot demonstrations to develop and stimulate the uptake of PETs. The Commission also calls on national authorities and on the private sector to invest in the development of PETs.

Second objective: to support the use of available PETs by data controllers

The Commission calls on all data controllers to incorporate and apply PETs in their processes more widely and systematically. For that purpose, the Commission will organise seminars with key actors of the ICT industry, and in particular PETs developers, with the aim of analysing their possible contribution to promoting the use of PETs among data controllers. It will also conduct a study on the economic benefits of PETs and disseminate its results in order to encourage enterprises, in particular SMEs, to use them.

Furthermore, the Commission will assess the need to develop standards regarding the lawful processing of data with PETs.

Firstly, the Commission will consider the need for respect of data protection rules to be taken into account in standardisation activities. It may invite the European Standardisation Organisations (CEN, CENELEC, ETSI) to assess specific European needs and subsequently to bring them to the international level by means of applying the current agreements between European and international standardisation organisations.

Secondly, the Commission considers that this is an area where coordination of national practice could contribute positively to promoting the use of PETs. It is calling on the Article 29 Working Party to continue its work in the field by including in its programme ongoing analysis of the needs for incorporating PETs in data-processing operations. This work should then produce guidelines for data-protection authorities to implement at national level through coordinated adoption of the appropriate instruments.

Moreover, many data-processing operations are conducted by public authorities in the exercise of their competences, both at national and at Community level. They are themselves bound to respect fundamental rights, including the right to protect personal data.

The Commission also considers that the public authorities should therefore set a clear example in this field. It calls on governments to ensure that data-protection safeguards are embedded in eGovernment applications, including through the widest possible use of PETs in their design and implementation. As for Community institutions and bodies, the Commission calls on them to comply with the requirements of Regulation (EC) No 45/2001. The European Data Protection Supervisor could contribute with his advice to drawing up internal rules relating to the processing of personal data.

Third objective: to encourage consumers to use PETs

A consistent strategy must be adopted to raise consumer awareness of the risks involved in processing their data and of the solutions that PETs may provide. With this in mind, the Commission intends to launch a series of EU-wide awareness-raising activities on PETs.

The main responsibility for conducting this activity falls within the realm of national data-protection authorities, which already have valuable experience in this area. The Commission calls on them to increase their awareness-raising activities to include information on PETs through all possible means within their reach. It also urges the Article 29 Working Party to coordinate national practice in a coherent work plan for awareness-raising on PETs and to serve as a meeting point for the sharing of good practice already in place at national level.

The Commission also intends to investigate the feasibility of an EU-wide system of privacy seals. With this in mind, and taking account of previous experience concerning seal programmes in other areas (e.g. environment, agriculture, security certification for products and services), it will conduct a dialogue with all the stakeholders concerned, including national data-protection authorities, industrial and consumer associations and standardisation bodies.

Data protection, copyright and related rights

Data protection, copyright and related rights

Outline of the Community (European Union) legislation about Data protection, copyright and related rights

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Information society > Data protection copyright and related rights

Data protection, copyright and related rights

The protection of personal data is governed by Directive 95/46/EC, which aims to establish a balance between a high level of protection of privacy and the free flow of personal data within the European Union (EU). The Commission is working to modernise the current framework in order to mount a better response to the new challenges posed by globalisation and new technologies.

European legislation on copyright and related rights is part of the rules introduced by the World Intellectual Property Organisation (WIPO). This legislation has two aims. They are to protect the economic interests of the authors of artworks such as books, films and musical works, but also to establish databases without hampering creativity and innovation.

Data protection

  • Protection of personal data
  • Data protection by Community institutions and bodies
  • Personal data protection: a new strategy
  • Promoting data protection by privacy-enhancing technologies

Copyright and related rights in the information society

  • Copyright in the Knowledge Economy
  • Copyright and related rights in the information society
  • Orphan works
  • Green Paper on Copyright in the Knowledge Economy
  • Green Paper on Copyright and Related Rights in the Information Society