On the 25th of January 2012, the European Commission announced its long-awaited reforms to the EU Data Protection regime, which include the introduction of a Regulation setting out a general EU framework for data protection, and a Directive that applies general data protection principles and the processing of data by the police and judicial authorities in criminal matters (documents accessible at http://ec.europa.eu/justice/newsroom/data-protection/news/120125_en.htm). The new proposals are intended to harmonise the rules on data protection valid across the 27 Member States, and to update existing data protection rules in the light of technological developments, in particular with respect to online privacy. The new regime will give data subjects more control over their personal data, and facilitates access to and transfer of their data from one service provider to another. Non-EU businesses offering goods or services to EU consumers are also required to comply with the proposed rules. Amongst other changes, the new regime introduces the concept of immediate notification of serious data security breaches, and significant penalties for data protection breaches.

The proposed framework will be evaluated by the European Parliament and by EU Member States before it is adopted.