On 4 November 2010, the European Commission published a communication in which it set out its vision for the future of EU data protection legislation. The communication makes clear that the Commission is intending to propose new legislation in 2011. You can find the communication here. Notable points emerging from the communication include that the Commission is considering:

–       introducing a ‘general principle of transparent processing’ aimed at ensuring that data controllers are more transparent as to how they are processing personal data;

 

–       whether the definition of sensitive personal data should be expanded so that it includes for example genetic data;

 

–       clarifying and strengthening the rules on consent so that it will be clearer when a data subject can be taken to have consented to processing of his or her personal data;

 

–       extending powers of enforcement to civil society associations as well as other associations representing the interests of data subjects;

 

–       strengthening existing sanctions for non-compliance, including providing explicitly for criminal sanctions in the case of serious violations;

 

–       requiring data controllers to appoint independent data protection officers (subject to a recognition of the need not to overburden small enterprises);

 

–       requiring data controllers to carry out data protection impact assessments in certain cases; and

 

–       imposing new rules designed to strengthen, clarify and harmonise the status and powers of national data protection authorities.