NEWS22 October 2013

EU Civil Liberties Committee backs ‘right to erasure’ of data

Europe Government Legal

BELGIUM — The European Parliament Civil Liberties Committee last night voted in favour of tougher new data protection rules in Europe, including a “right to erasure” of data, and fines of up to €100m for breaches of the rules.


According to the Civil Liberties Committee, “any person would have the right to have their personal data erased if he/she requests it. To strengthen this right, if a person asks a ‘data controller’ (e.g. an internet company) to erase his/her data, the firm should also forward the request to others where the data are replicated”.

EU Justice Commissioner Viviane Reding has previously called for citizens to be granted the right to delete their data at any time, “especially the data they post on the internet themselves”.

The Civil Liberties Committee said the “right to erasure” would cover this “right to be forgotten”.

In addition to the tougher fines, MEPs also voted for limits to profiling, described as “a practice used to analyse or predict a person’s performance at work, economic situation, location, health or behaviour”.

“Profiling would only be allowed subject to a person’s consent, when provided by law or when needed to pursue a contract,” according to a statement. “Furthermore, such a practice should not lead to discrimination or be based only on automated processing. Any person should have the right to object to any profiling measure.”

Data transfer rules to non-EU countries were also voted on. According to the adopted text, “if a third country requests a company to disclose personal information processed in the EU, the firm would have to seek authorisation from the national data protection authority before transferring any data. The company would also have to inform the person of such a request”.

On the subject of explicit consent for data processing, the committee said: “Where processing is based on consent, an organisation or company could process personal information only after obtaining clear permission from the data subject, who could withdraw his/her consent at any time. A person’s consent means any freely given, specific, informed and explicit indication of his/her wishes, either by a statement or by a clear affirmative action.

“Civil Liberties Committee MEPs clarify that the execution of a contract or the provision of a service cannot be made conditional upon consent to processing personal data that is not strictly needed for the completion of that contract or service. Withdrawing consent must be as easy as giving it.”

The committee’s vote paves the way for the European Parliament to start negotiations with national governments in the European Council. According to the committee: “Inter-institutional talks will start as soon as the Council agrees on its own negotiating position… Parliament aims to reach an agreement on this major legislative reform before the May 2014 European elections.”

  • Update 24/10/13: The Market Research Society Policy Unit has published a paper on the impact that tighter data protection regulation could have on research organisations. Click here to download.