Guarding privacy in the internal market

Series Details 18.10.07
Publication Date 18/10/2007

The EU’s laws on data protection are among the most highly developed in the world.

Elsewhere, including in the US, information privacy is dealt with on a piecemeal basis, but the EU has one main plank of legislation which governs the flow of data held by companies and governments. The 1995 directive on data protection, which came into force in 1998, sets down rules on how and when information held on individuals can be held or passed on.

An individual must give his or her consent if data about them is to be processed. Individuals retain the right of access to that information and to correct it if it is inaccurate. The data held can be used only for a specific purpose and cannot be used for other purposes. Member states have had to put in place data protection authorities to monitor information privacy; these authorities can hear complaints from individuals.

The thinking behind the data protection directive when it was drafted was to set down specific rules for member states to protect the rights of individuals while allowing for the free flow of information within the EU’s internal market.

A European Commission report earlier this year into how the directive is working concluded that there was no need for change. "The Commission considers that the data protection directive constitutes a general legal framework which fulfils its original objectives by constituting a sufficient guarantee for the functioning of the internal market while ensuring a high level of protection," the report said.

But the report did highlight problems with member states’ data protection authorities. "One concern is respect for the requirement that data protection supervisory authorities act in complete independence and are endowed with sufficient powers and resources to exercise their tasks," the report added.

Christopher Kuner, a lawyer with Hunton & Williams who specialises in data protection, says that "data protection authorities don’t get a lot of respect from governments and they don’t have a lot of resources". Companies needing approval of how they set up databases or seeking clarification on applicable law, Kuner says, have had to wait many months in some member states because of a lack of personnel in data protection authority offices.

Kuner says companies would like to see changes to the 1995 directive which would give them more clarity. For example, some definitions - such as what constitutes personal data, what is a data controller versus a data processor - are murky, he says.

Kuner also points to the changing technological landscape since the 1995 law was drafted. New ways of transferring data and new technological developments, such as internet use or radio-frequency identification tag technology (RFID), mean that the law seems dated in today’s context.

Jonathan Faull, the Commission’s director-general for justice, freedom and security, acknowledges the technological changes that have taken place since 1995 but says that altering the law would have a multiplier effect on the wider legislation that could lead to complications. "If we can be persuaded that there is a need for change then we will look at it, but for the moment we are happy with how the directive is working," he says.

He says that the Commission "is talking to member states all the time" about changes in the data protection landscape. In addition, regular meetings of the 27 member states’ data protection authorities - known collectively as the Article 29 working party - produce reports and opinions on how they view the sector.

Source Link http://www.europeanvoice.com