The European-Commission published in late January a proposal to amend the current data protection rules. The proposal aims to increase the level of protection for the individual and if adopted, employers will no longer be able to process sensitive personal information based on the employee’s consent. As it currently stands, sensitive information may only be processed if the employee has provided his/her explicit consent. However, the reason behind the proposal is rooted in the imbalance that occurs in the employee and employer relationship. As long as the employee is in a situation where he/she is dependent on the employer and thus feels pressured to consent, the consent will not be seen as given voluntarily and will not be valid. Therefore, if the employer does not process such information based on the required legal basis, the processing will have to be stopped. It remains unknown which legal basis the employer may use instead of the consent. So far the European Data Protection Supervisor, Peter Hustinx, and the Article 29 Working Party have expressed their concerns in terms of the proposal not leaving “enough discretion for national authorities.” Violation of the rules may imply huge fines for up to €1 million or up to 2% of the global annual turnover of the company.