Europe has the best data protection laws in the world, but the rapid pace of technology change has prompted new questions and challenges, according to Viviane Reding, the EC justice, rights and privacy commissioner.
This is why the European Commission recently set out its strategy on how to protect personal data as the basis for data protection reform in the EU, she told the European Data Protection and Privacy Conference in Brussels.
"Privacy nowadays has become a moving target, and new risks need better legal remedies," said Reding.
The key objectives of a comprehensive approach on personal data protection in the EU, she said, include strengthening the rights of individuals to protect personal data, enhancing the idea of a single market, and re-inforcing data controllers' responsibility.
On strengthening the rights of individuals, Reding said she wanted to introduce the "right to be forgotten" so people should have no problem wiping out their profiles from social networking services or having personal data deleted when it is no longer needed for the purposes for which it was collected.
The objective of enhancing the idea of a single market, she said, stems from the fact that companies often complain about how EU member states apply rules differently and is aimed at further harmonising data protection rules and reducing and simplifying administrative formalities.
As to how individuals' data is treated, she said the reform is aimed at ensuring companies in control of personal data will better fulfil their responsibilities by putting in place effective data protection mechanisms, such as by applying a privacy-by-design approach.
Reding also called for the role of national data protection authorities to be strengthened.
"We should provide them with the necessary powers and resources to properly exercise their tasks. We should also re-inforce their co-operation and better co-ordinate their activities, especially when confronted by cross-border or international issues," she said.
New general data protection legislation with precise and detailed rules will produce benefits for all stakeholders, said Reding.
Individuals will be able to understand what their rights and obligations are when it comes to personal data processing in Europe, she said, while for data controllers, businesses and public authorities, a more detailed and precise set of data protection rules would provide for legal certainty, reduce costs, be easier to apply, and create incentives for better data-protection compliance.
"Data protection authorities with identical powers and enough resources would be better equipped for better co-ordination of their activities, especially when confronted by issues which, by their nature, have a cross-border dimension," said Reding.
A high and uniform level of data protection legislation within the EU would be the best way of endorsing and promoting EU data protection standards globally, said Reding.