Like technology, the way our personal data is used and shared in our society is changing all the time. The challenge this poses to legislators is to establish a legislative framework that will stand the test of time. At the end of the reform process, Europe's data protection rules should continue to guarantee a high level of protection and provide legal certainty to individuals, public administrations and businesses in the internal market alike for several generations. No matter how complex the situation or how sophisticated the technology, clarity must exist on the applicable rules and standards that national authorities have to enforce and that businesses and technology developers must comply with. Individuals should also have clarity about the rights they enjoy.

In September, the Commission announced that it would refer the UK to the European Court of Justice for not fully complying with EU regulations [JURIST report] that protect the privacy of electronic communications. The EU has found UK law in breach of the ePrivacy Directive 2002/58/EC and the Data Protection Directive 95/46/EC [texts], regulations regarding consent to interception and the role of enforcement and supervisory committees. Specifically, current UK law does not provide for an independent national authority to supervise the interception of some communications, it allows for communications to be received without fulfilling the EU definition of consent and it does not have a mechanism that ensures sanctions for unlawful unintentional interception, as required by EU law. The EC formally notified [JURIST report] the UK in April 2009 that it was starting infringement proceedings for failure to follow EU Internet privacy and data protection rules.