It is essential to achieve a balance between the two EU Data Protection Law objectives, i.e. to protect the fundamental rights and freedoms of natural persons and in particular their right to privacy and neither restrict nor prohibit the free flow of personal data between Member States. The main objective of new legislation must be to put in place a legal framework to help achieve both objectives.
The EESC welcomes the Communication and points out that the collection, merging and management of data from multiple sources need to be carefully circumscribed.
Legislation regulating business activity must remain stable and predictable.
A main recurrent concern of stakeholders, particularly multinational companies, is the lack of sufficient harmonisation between Member States' legislation on data protection.
People need to become increasingly aware of the purposes for which their data is collected and the powers they have to control it.
As far as EU citizens and EU employees are concerned, the relevant law within the European Union should be that of the Member State of the data controller, wherever the data is held.
A specific focus on child related privacy issues is needed.
The present definition of sensitive data needs to be clarified as the categories of electronic data about individuals continue to increase.
While acknowledging the sensitivities of inter-state police co-operation, the EESC believes that it is essential that fundamental rights, including personal data protection, receive maximum consideration at all times.
A more consistent application of EU data protection rules is needed across all Member States.
The independence of national data protection authorities needs to be reinforced.
EESC believes that there is a valuable ongoing role for the Article 29 Working Party.
The EESC asks the Commission to consider the establishment of an EU Authority to address the broader societal ramifications of the internet on a 10- to 20-year timescale.