Call for stricter data protection in the EU
Written by Stephanie Slappendel   

The European Commission recently released a paper in which it announced its strategy to create stricter data protection rules in the European Union. Due to fast developments in technology and globalization it has become easier for individuals to provide and share personal information on the internet, information that companies efficiently can use for various business purposes. The personal information needs more protection than the current EU Data Protection Directive of 1995 provides for, according to the European Commission.

The paper sets out the reasons for developing a more enhanced data protection policy and mentions the fundamental right to data protection for individuals and ensuring the free flow of information within the European Union as its main objectives. Possible means to realize the first objective, the fundamental right to data protection for individuals, focuses mostly on imposing obligations on data controllers. Data controllers should inform individuals about what happens to the personal information, who processes the information and for what reason, how long it will be stored, how individuals can access the information and make changes or withdraw the information. Although individuals are usually informed by data controllers through a privacy notice, these privacy notices are considered to be difficult to read and not easily accessible. Therefore the European Commission suggests creating several standard privacy notice forms that data controllers can use. Data controllers might be obliged to create policies that will ensure compliance with the data protection rules. In order to further compliance the European Commission wants to explore the possibilities of self-regulation and an EU certification scheme. Certain information is deemed sensitive and, under current law, cannot be processed. An example of sensitive information is information about race, gender, political preference, health, and religious belief. The European Commission might broaden the scope of sensitive information which will restrict the amount of personal information that can be processed. In the event that the personal information is lost, altered or unintentionally disclosed to other parties by the data controller, the data controller might be obliged to notify the individuals thereof. Besides limiting the scope of what information can be processed by the data controller, setting deadlines for responding to individual’s requests, improving individual’s access to their personal information in order to change it, block it or erase it, the European Commission also emphasizes the importance of public awareness about the risks of data processing.

The second objective, ensuring the free flow of information within the internal market, focuses mainly on creating a fair level playing field for businesses within the European Union and reducing the administrative burden and costs. This through harmonization of the differing existing laws and regulations regarding data protection in the different EU Member States which will lead to uniform requirements within the EU. Rightly so, the European Commission points out the effect of globalization. Even though the EU regulations concerning data protection apply within the EU, the internet does not have geographical boundaries. Someone within the European Union may easily provide personal information on a social network site located in the U.S.A., use a search engine or order a product online from a U.S. based company. Data controllers in the U.S. do not fall within the jurisdiction of the EU. Therefore the European Commission wants to “examine how to… provide for the same degree of protection of EU data subjects, regardless of the geographical location of the data controller.”

The paper is a first step. Until January 15, 2011 stakeholders can submit comments to the European Commission regarding the announced strategy to strengthen data protection. If all goes well, a proposal for legislation, revision of the Data Protection Directive, will be made by the European Commission in 2011.

 

To see the full paper click visit: http://ec.europa.eu/justice/news/consulting_public/0006/com_2010_609_en.pdf

To see the press release visit: http://europa.eu/rapid/pressReleasesAction.do?reference=IP/10/1462&format=HTML&aged=0&language=EN&guiLanguage=en

 

Sources:

http://www.out-law.com/page-11527

http://voices.washingtonpost.com/posttech/2010/11/eu_pushes_for_stronger_interne.html

http://ec.europa.eu/news/justice/101105_en.htm

Trackback(0)
feed0 Comments

Write comment
This content has been locked. You can no longer post any comment.

busy
 
feed image