"17 years ago, less than 1 percent of Europeans used the Internet," E.U. Justice Commissioner Viviane Reding, the E.C.'s vice president, said in a statement in January when the draft was released. "Today, vast amounts of personal data are transferred and exchanged across continents and around the globe in fractions of seconds. The protection of personal data is a fundamental right for all Europeans, but citizens do not always feel in full control of their personal data. My proposals will help build trust in online services because people will be better informed about their rights and in more control of their information. The reform will accomplish this while making life easier and less costly for businesses. A strong, clear and uniform legal framework at E.U. level will help to unleash the potential of the digital single market and foster economic growth, innovation and job creation."
The new legislation is expected to have a substantial effect on all organizations that operate or focus on Europe, say Ulrich Bäumer and Stephanie Ostermann of the , an online legal update service for companies and law firms worldwide.
Bäumer and Ostermann say the new laws, as currently written, would increase the regulatory burden on organizations with European operations; increase the amount of time, money and personnel required to achieve compliance; and raise the stakes in terms of potential fines and brand damage arising from non-compliance.
"The new law will apply to anyone processing data in the European Union, as well as those outside Europe which are offering goods or services to E.U. citizens," they wrote in a . "For a multinational organization, the location of its European headquarters will determine which E.U. member state's laws will apply and which regulatory authority will have jurisdiction. That said, individuals will be given a wider range of powers to bring personal action against an organization (either in the country where a non-compliant organization is located or in the individual's local courts). Trade associations will also be empowered to bring class actions on behalf of their members. For the first time, data processors will share equal responsibility and liability for compliance with the new laws, raising the stakes for IT service suppliers."