"Data is becoming increasingly important for our economy and for our daily lives. With the roll-out of 5G and uptake of the Artificial Intelligence and Internet of Things technologies, personal data will be in abundance and with potential uses we probably can't imagine. While this offers amazing opportunities, some cases show that robust rules are needed to address clear risks for individuals and for our democracies. In Europe we know that strong data protection rules are not a luxury, but a necessity.

In the EU we have proudly become a global reference point for strong data protection rules, based on enforceable rights and independent and robust enforcement.

20 months after the entry into application of the landmark General Data Protection Regulation, we see that the GDPR has acted as a catalyst to put data protection at the centre of many of the on-going policy debates. It is a cornerstone of the European approach underpinning several political priorities of the new Commission promoting a human centric approach to Artificial Intelligence and other digital technologies. European Data Protection rules will therefore be a foundation and inspiration for the success of key initiatives in artificial intelligence, health or mobility to name just a few.

Citizens have become more aware of their rights and businesses are increasingly making use of their data protection credentials as an argument vis-à-vis their customers. Thanks to data protection awareness raising campaigns, over 1.7 million businesses and citizens visited the web guidance on the new rules in 2019 developed by the Commission. According to Eurobarometer results, the highest levels of awareness among citizens are recorded for the right to access their own data (65%), the right to correct the data if they are wrong (61%), the right to object to receiving direct marketing (59%) and the right to have their own data deleted (57%).

However, our priority and that of everyone involved should be to foster a harmonised and consistent implementation of data protection rules throughout the EU.

The work of data protection authorities, working together and coordinating their action within the European Data Protection Board, is essential. It is important that Member States provide them with the necessary human, financial and technical resources. From the Commission's side, we will also continue supporting them with EU funding.

Data protection authorities have already taken a series of enforcement decisions. Major investigations with a cross-border dimension, affecting individuals in many Member States, are ongoing. Decisions on these cases are expected in the coming months. But there is a need to step up enforcement notably by enhancing cooperation among data protection authorities. Vigorous and harmonised enforcement is a prerequisite for the effective protection of personal data.

The evaluation of the GDPR that the Commission will issue in spring will provide the opportunity to assess its application, in particular as regards international transfers and the consistency and cooperation mechanism between data protection authorities. It will also clarify certain aspects of the GDPR.

The demand for privacy is not limited to Europe. The GDPR has inspired a growing number of laws around the world and is becoming a global standard. Building on the successful example of the mutual adequacy with Japan, the Commission will further intensify its international engagement to promote safe data flows."

Background

 In 2006, the Council of Europe launched a Data Protection Day to be celebrated each year on 28 January.

The General Data Protection Regulation has been applying since 25 May 2018. In July 2019, the Commission published Communication taking stock of the implementation of the Regulation. It is providing grants to data protection authorities to co-finance their reaching out to stakeholders, in particular individuals and small and medium size enterprises.

In January 2017, the Commission adopted a Communication on the international aspects of privacy, which set out the EU strategy in the field of international data flows and protection. The adoption of the mutual EU-Japan mutual adequacy decision is an important result of this strategy. Since February 2019, it allows personal data to flow freely and safely between the two economies on the basis of strong data protection guarantees. The Commission is at an advanced stage in negotiating an adequacy decision with South Korea.