Europe Adopts Sweeping EU Data Protection Law

two years to implement the general data protection regulation (GDPR), which has been in development since 2012 and is the first major update to data protection in more than 20 years (see 1512160001). The new regulation "makes a high, uniform level of data protection throughout the EU a reality," said European Parliament member Jan Philipp Albrecht, of the Greens/European Free Alliance and Germany, in a Thursday news release. "This is a great success for the European Parliament and a fierce European 'yes' to strong consumer rights and competition in the digital age." GDPR gives EU citizens more control over their information such as the "right to be forgotten" and capability of more easily transferring personal data between service providers. They will also get clearer information about how their data is used. Adoption was hailed by consumer and privacy groups. BEUC-the European Consumer Organisation, an alliance of 41 independent national consumer groups from 31 European countries, said in a statement the law opens "a new chapter for data protection" but isn't the end of the story. "There is work ahead to ensure a successful application of the new rules and guarantee that the EU effectively continues to be a role model for data protection in the world,” said David Martin, BEUC senior legal officer. But, Rob Atkinson, president of the Information Technology and Innovation Foundation, called GDPR a "mistake," in a statement. He said its "provisions will be onerous in practice -- like trying to sail with an anchor overboard." He said "businesses, entrepreneurs, civil society groups, and government all will have an unduly hard time using data to start new ventures, expand well-established ones, or enrich European citizens’ lives by discovering solutions to challenges in health care, education, or the environment." Policymakers have time to craft a more appropriate framework "for a modern data economy" before GDPR is implemented, Atkinson said.