Skip to main content

EU outlining personal data protection rules

In these days when it seems people live their entire lives in full view of the global Internet via services like Facebook and Twitter, the European Union is working on a framework to strengthen protections for personal data—including a “right to be forgotten,” meaning that individuals’ data should be removed when no longer needed and that individual would have a right to demand their data be deleted.

“The protection of personal data is a fundamental right,” said EU Commissioner for Justice Viviane Reding, in a statement. “To guarantee this right, we need clear and consistent data protection rules. We also need to bring our laws up to date with the challenges raised by new technologies and globalization.”

The European Commission has drafted a framework for data protection policies (PDF), and while the text doesn’t represent a final draft, it does indicate how the Commission is thinking and what can be expected from a formal proposal next year to revise the EU”s 1995 Data Protection Directive.

In a nutshell, the regulations would mandate that the collection of use of personal data would be restricted to the amount of information minimally necessary to provide a service, with fully transparent disclosure to users as to how long their data will be kept, how it will be used, and who has access to it. Users should be able to give “informed consent” to the use of their personal data, and have a “right to be forgotten” when their data is no longer needed, or when a user wants their data deleted.

The EU is also looking to unify data protection policies across member states to create a level playing field for customers, so companies don’t have to jump through one set of privacy regulations in one state while doing something totally different in another. The Commission is also looking at unifying rules for data retention and disclosure to law enforcement—this could apply to everything from secured BlackBerry communications to server logs—and plans to re-examine the 2006 Data Retention Directive which mandates companies store communications traffic data for six months to two years.

Strengthening individuals’ rights to consent to the use of personal data and require that personal data be deleted would put the EU at the forefront of personal privacy regulation. While much of the rest of the world is concerned with the complexity of Facebook’s privacy settings—if they’re concerned at all—the EU is working to define individuals rights to access, delete, or modify personal data as a “essential right” in the digital world. it should make for interesting times…particularly when the EU looks to extend any policies to international operations conducting business in member states. After all, After all, Google CEO Eric Schmidt said on CNN last week people who were concerned about Google Street View taking pictures of their homes and businesses could protect their privacy: they could “just move.”

Editors' Recommendations