Tuesday, 20 April 2010

Personal data on hard drives etc - EDPS opinion on waste electrical & electronic equipment

On disposing of computers etc in a way that preserves privacy (i.e. deleting personal data on there first), see the European Data Protection Supervisor's Opinion of 14 April 2010 on the Proposal for a Directive of the European Parliament and of the Council on waste electrical and electronic equipment (WEEE).

The Commission had adopted a Proposal for a Directive of the European Parliament and of the Council on waste electrical and electronic equipment (WEEE) in December 2008 but again, the EDPS wasn't consulted, even though that was required by EU law, and even though the EDPS's role is to advise the Commission. It's clear why Amberhawk despaired. I have yet to look into whether there's any sanction if they ignore him, but I suspect there isn't. There really should be. One for the reform of the Data Protection Directive maybe?

On WEEE, the EDPS in his opinion advises that the Proposal should include specific provisions:

  • spelling out that the WEEE Directive applies without prejudice to the Data Protection Directive 95/46/EC;
  • prohibiting marketing of used devices which haven't undergone appropriate security measures in compliance with state-of-the-art technical standards to erase any personal data they may contain; and
  • for "Privacy by design" or "security by design", as far as possible requiring privacy and data protection to be integrated into the design of electrical and electronic equipment by default, to help users easily and free of charge delete personal data on equipment which they get rid of.

Let's hope they listen to him - a big source of data security breaches by organisations has been unerased or easily recoverable personal data still stored on the hard drives of computers sold on eBay, etc, and individuals really ought to be able to securely wipe their personal data easily before they sell or indeed donate to charity or give away their computers or other electronic equipment too (mobile phones, anyone?).

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.