Friday, 30 April 2010

Data Protection Directive reform - Hustinx views

No surprises in European Data Protection Supervisor Peter Hustinx's latest speech "The Strategic Context and the Role of Data Protection Authorities in the Debate on the Future of Privacy" of 29 April 2010 at a European Privacy and Data Protection Commissioners’ Conference, calling for an ambitious approach by the Commission in their review of the Data Protection Directive, proposals for reform & revision of which are due by the end of 2010, and on which they consulted last year. Press release 29 April (PDF).

The central message of his contribution is that (as I've argued before) the main principles of data protection "are still valid despite new technologies and globalisation. However, the level of data protection in the EU should benefit from a better application of the existing principles."

He called on the Commission "to remain ambitious in updating the existing framework to avoid the risk of an increasing loss of relevance and effectiveness of data protection in a society that is ever more driven by technological change and globalisation."

"The stakes are not more and not less than how to ensure privacy and data protection in a highly developed Information Society of 2015, 2020 or beyond" said Peter Hustinx. "An ambitious approach is the only way in which we can ensure that our privacy and personal data are well protected, also in the future. It is essential that the Commission comes up with proposals that take into account what is really needed and does not settle for less ambitious results".

He said that to protect individuals' personal data we need a comprehensive legal framework in the EU to ensure more effectiveness, as well as:

  1. integration of "privacy by design" and "privacy by default" in information and communication technologies;
  2. more accountability for controllers: data controllers should be made more accountable to ensure compliance with data protection rules in practice. This would bring significant added value for an effective implementation of data protection and would considerably help data protection authorities in supervision and enforcement;
  3. stronger enforcement powers for data protection authorities: it is essential that data protection authorities have sufficient resources to exercise their monitoring tasks and, if necessary, enforce compliance with data protection rules.

I agree, of course - especially on privacy enhancing technologies (PbD) and enforcement. Again, let's hope the EU legislators listen to him more than they have before.

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.