The European Parliament and the European Council on May 23 agreed on new rules to strengthen data protection in EU institutions, bodies and agencies. Existing rules date back to 2001.

The objective of the update is to bring the rules in line with the General Data Protection Regulation (GDPR) as well as the proposed e-privacy rules to uphold citizens’ right to personal data protection.

According to a European Parliament press release, the new rules will cover EU institutions, bodies, offices and agencies to ensure a strong and coherent framework for data processing. Contrary to the past, the rules will also apply to Eurojust as soon as the reform of the agency will be agreed by the Parliament and the Council. Furthermore, in 2022 the rules should be extended to Europol and the European Public Prosecutor’s Office following to a review by the Commission.

“This regulation will make sure that the EU institutions have to live up to the same standards in data protection as everybody else in the EU,” said Rapporteur Cornelia Ernst (GUE/NGL, DE). “This will include Eurojust and, in the near future, Europol and the European Public Prosecutor. This is important, because these agencies process a lot of very sensitive data and data protection is most relevant particular in the framework of law enforcement.”

It is now up to the European Parliament’s Civil Liberties Committee, as well as parliament as a whole and the Council of the EU to approve the new rules.