The rules are the first attempt to create strong data-protection laws for Europe's 500 million citizens. They include a clause to strengthen online privacy in the wake of whistleblower Edward Snowden's allegations about US spying. They also set out ways citizens can erase their personal data - the so-called right to be forgotten.
Lawmakers have toughened the initial draft regulation, prepared by the European Commission, to make sure companies no longer share European citizens' data with authorities of another country, unless explicitly allowed by EU law or an international treaty.
This is a direct response to allegations from former intelligence analyst Edward Snowden about the US National Security Agency (NSA) snooping on European citizens' data. Another clause seeks to limit user profiling, requiring companies to explain their use of personal data in detail to customers and to seek prior consent.
To ensure that the regulation is properly applied, most businesses would have to designate or hire data-protection officers. After 18 months of fierce industry lobbying, the legislation was passed with a 49-3 committee vote, with one abstention.
The European Parliament still needs to hold another vote and seek agreement with the EU's 28 member states though — which is likely to result in some changes.
Source: BBC News