(Telecompaper) EU ministers have reached an agreement on reforming data protection regulations, opening the way for negotiations with the European Parliament on the final legislation. Designed to replace the existing data protection directive from 1995, the new law aims to give consumers greater control over how their personal data is used, especially online. The proposal also extends EU regulations to businesses based outside the region and handling data on EU residents. The law upholds the 'safe harbour' system for transferring data on EU subjects to non-EU countries. These countries must show they offer sufficient personal data protection in order to receive the 'safe harbour' status, to be determined by the European Commission in cooperation with member states and Parliament. The Parliament had called for stricter protections for international transfers, with approval by national regulators and informing the subject required in certain cases. EU ministers scaled back the original proposal to allow international companies to choose a 'one-stop shop' privacy regulator in the EU country of their choice. Instead, the one-stop mechanism will apply only in supervisory decisions on important transnational cases involving several national regulators. The EU ministers also endorsed the EC's proposal for higher fines for violators, but not as high as those approved by Parliament.
The council's text notably allows a considerable amount of flexibility for member states in implementing several parts of the regulations, particularly in areas involving the handling of personal data for law enforcement purposes. The first so-called trilogue meeting, between the European Commission, Council and Parliament, on a final text is scheduled for 24 June.