Following two years of debate and negotiation, MEPs have voted overwhelmingly in favour of draft legislation that would see substantial restrictions put on the transfer of EU citizens' personal data to US entities.
The legislation has been gridlocked since 2011 after the US and industry groups pressured the European Union to water down the proposals. UK Conservative Party MEPs had also been accused of trying to delay the legislation's progress through the European Parliament an accusation they have denied.
However, revelations about the extent of the American National Security Agency's spying operations in Europe, and its co-operation with the UK Government over project Temporah, is thought to have steeled the EU into action.
German Green MEP Jan Philipp Albrecht, who is steering the legislation through the European Parliament, said: "The vote is a breakthrough for data protection rules in Europe, ensuring that they are up to the challenges of the digital age.
"This legislation introduces overarching EU rules on data protection, replacing the current patchwork of national laws."
Luca Schiavoni, a telecoms regulation analyst at Ovum, said: "The landslide votes in favour for each amendment, both for the Regulation and for the Directive, suggests Parliament is orientated toward a consumer-protective legislation, and that advocating against the draft rules will be even harder after this stage. However, many concerns remain as to the viability of these rules in practice. The definition of what personal data' is ... is still very vague, which may open up a loophole in the legislation, and fail to protect consumers.
"The...tighter rules for the transfer of personal data to non-EU countries upon request from a public authority...if passed in this form, may strongly limit US companies' ability to transfer European users' data to the US."
Dwayne Melancon, chief technology officer at IT security firm Tripwire, said: "The new EU Directive has the potential to have a huge global impact because it applies to any organisation which operates in the EU, even if they are headquartered elsewhere in the world.
"The size of the fines connected with the Directive are so big they will definitely get the attention of CEOs and boards. It is incumbent upon senior business executives to seek clear answers about security risks from information security leadership to ensure appropriate steps are taken to enable compliance with this Directive before it takes effect."
-
‘Europe could do it, but it's chosen not to do it’: Eric Schmidt thinks EU regulation will stifle AI innovation – but Britain has a huge opportunityNews Former Google CEO Eric Schmidt believes EU AI regulation is hampering innovation in the region and placing enterprises at a disadvantage.
-
The EU just shelved its AI liability directiveNews The European Commission has scrapped plans to introduce the AI Liability Directive aimed at protecting consumers from harmful AI systems.
-
A big enforcement deadline for the EU AI Act just passed – here's what you need to know
News The first set of compliance deadlines for the EU AI Act passed on the 2nd of February, and enterprises are urged to ramp up preparations for future deadlines.
-
UK financial services firms are scrambling to comply with DORA regulations
News Lack of prioritization and tight implementation schedules mean many aren’t compliant
-
EU agrees amendments to Cyber Solidarity Act in bid to create ‘cyber shield’ for member statesNews The EU’s Cyber Solidarity Act will provide new mechanisms for authorities to bolster union-wide security practices
-
The EU's 'long-arm' regulatory approach could create frosty US environment for European tech firmsAnalysis US tech firms are throwing their toys out of the pram over the EU’s Digital Markets Act, but will this come back to bite European companies?
-
EU AI Act risks collapse if consensus not reached, experts warn
Analysis Industry stakeholders have warned the EU AI Act could stifle innovation ahead of a crunch decision
-
Three quarters of UK firms unprepared for NIS2 regulations, study findsNews Senior management can be held personally liable for non-compliance under NIS2 rules
