Twenty years counts as an eternity in technology. Current data protection rules date back nearly two decades so an update is urgently required. Not only has technology significantly evolved, but also the way we process and use data has changed. On 11 March Parliament discusses a legislative package that will bring about more control and security online, modernizing standards and introducing new rules for companies and national authorities. MEPs will then vote on the plans today (12 March).

Users are in control

Parliament decides this week on how personal data should be managed and protected in the future. The proposal foresees tougher penalties for offending companies, limits on user profiling and stronger and more independent data protection authorities. But most importantly, users would have the right to be erased and thus be "forgotten" online.

Jan Philipp Albrecht,  who is responsible for steering the update of data protection rules through Parliament, said: “European businesses will know exactly what rules they have to follow, as they will not have to understand 28 different national laws." The German member of the Green group added: "Under the new rules, only the minimum amount of data that is necessary for providing a service can be initially collected.

"We have also introduced a new provision that will protect Europeans from access requests by foreign governments. The regulation will also massively limit the ways in which data brokers can sell our data without our knowledge or consent. Of course we will need to do some serious reforms on the way our intelligence services operate in the world after the revelations by Edward Snowden. But this is more a task for the member states.”

Putting limits on data without borders

The NSA scandal reminded everyone that security and crime fighting cannot be an excuse to abuse fundamental rights. In a separate report, Parliament will decide on rules governing cross-border data processing in police and judicial co-operation, designed to protect both domestic and cross-border transfers of data.

Dimitrios Droutsas, a Greek member of the S&D group who is responsible for  steering this proposal through the EP, said: "The data protection directive, if approved, will bring significant improvements to the processing of personal data by police and judicial authorities in criminal matters. We, as the European Parliament, need to safeguard our citizens' rights without sacrificing the ability of the police to fight crime."

Unauthorised surveillance comes at a cost

The Parliament will also vote on the conclusion of a six-month investigation by the civil liberties committee into the mass surveillance of Europeans. The report contains recommendations to prevent further breaches and improve the IT security of EU institutions.

Next steps

The negotiations with the Council will start as soon as EU countries agree on their own negotiating position. The Parliament's aim is to reach an agreement on this major legislative reform before the end of 2014.