One is the so-called umbrella agreement with U.S. authorities, governing the access law enforcers have to personal data and providing European citizens with the same right to legal redress if their privacy is violated as U.S. citizens would enjoy in Europe.
The other is to bring the EU's existing data protection law up to date. The current rules were set by the 1995 Data Protection Directive, before companies such as Facebook or Google existed. In 2012 the Commission proposed a regulation further harmonizing privacy laws across the EU while giving more power to national regulators, and is now close to agreement with the EU's other lawmaking bodies, the Council and the Parliament, on a final text.
Sign up for CIO Asia eNewsletters.