The biggest ICT law to be implemented by the European Commission to the EU/EEA member states, is the General Data Protection Regulation (Regulation (EU) 2016/679). The regulation is a binding law that all members must implement in their own country’s laws, and are actually rated above the national laws.
The GDPR is a regulation that replaces the original law from 1995. Normally, 20 years is not a long time for a law, but in ICT this is a very long time. The internet was only in its beginning to become widespread, there were no social medias and no tracking/profiling online. The amount of data that are being collected today via a number of services online has required such a law to be updated.
The regulations primary motive is to protect the data of residents in the EU, and give them better control over it.
There was initially a large resistance against the law saying it would be too costly, but after the Snowden documents – there was clearly a need for the personal data to be protected – and the law were put in motion.
The GDPR were finished on the 27th of April 2016, and with a two-year transition period it will be enforceable from 25th of May 2018.