The Future of Data Protection
The European Commission is due to publish a proposal in January 2012 which will outline plans for new legislation to replace the current raft of data protection rules across the EU.
Whilst this is unlikely to directly result in changes to the cookie law, it is widely expected that new rules will focus on strengthening the privacy rights of individuals which will potentially have a much wider impact on businesses.
In anticipation of the Commission’s proposals, the UK’s ICO has recently published some of it’s own views on the forthcoming changes, so it is well worth looking at some of the core aspects of what is being proposed.
Right to be Forgotten
An idea that has been talked about quite a lot by the Commission is the right of an individual to demand that a company or organisation delete personal data held about them.
As the ICO points out, this could have serious implications for journalism and freedom of expression, if taken to its logical conclusion. Whilst people should have a reasonable expectation of a right to privacy, the ability to re-write your own history would seem to over step the mark.
Privacy by Design
There is a general encouragement of the idea that organisations should have an obligation to put privacy at the centre of any activity that involves personal data collection. The ICO also supports the idea of regularly reviewing systems and processes from a privacy perspective, even while it acknowledges the difficulty of enforcing such activity.
The ICO, perhaps unsurprisingly, supports an increase to its powers to regulate the private sector in particular. This would include the same powers to audit businesses with respect to their data protection practices, that it currently has with public sector bodies.
Funding for this work would continue to come from the ability impose fines, following the ‘polluter pays’ principle.
The ICO wants to see a new data protection framework that is based more on standards rather than prescriptive processes that organisations are expected to follow.
The Commission for its part is looking to create more of a level playing field across EU member states in respect of data protection.
However when you look at the differences in the implemenation of the cookie directive in different countries, it is difficult to see how harmonisation can be achieved without such prescription.
If you don’t make it clear how a set of regulations should be enforced, you leave them wide open to all sorts of interpretations at country level, which almost inevitably leads to something more akin to a rocky road than a level playing field.
January 13, 2017
Future of EU Cookie Compliance Webinar: ...
GDPR and now the proposed E-Privacy Regulation mean a stricter regime for cookie compliance, web governance and use of online tracking technologies. Join p...View Article →
December 14, 2016
Draft EU ePrivacy Regulation Leaked...
A draft of the proposed legislation to replace the outdated EU ePrivacy Directive was leaked on the Politico.eu (PDF) website this week. The proposal is fo...View Article →
November 3, 2016
GDPR Compliance Means Cookie Notices Mus...
Are you one of those people that ticked the cookie law box ages ago and not thought about it since? Well the game has changed and now is the time to re-vis...View Article →