New Data Protection Framework
The Article 29 Working Party (Europe’s Data Protection “Think Tank”) is due to publish a proposal for a radical new framework for Data Protection in the EU.
An obvious conclusion to draw from the fact that the existing framework is to be radically overhauled is that it is no longer up to the job of regulating Data Protection in our current, information-rich (and increasingly information-hungry), society. Consider that the Data Protection Act in England and Wales came into force over a decade ago and that, in that decade, cloud computing, Google, Facebook and the various ever-more-clever Apple devices and tablets (to name but a few) have become part of the fabric of our everyday lives.
What will the new framework look like? The ICO’s view is that the following will be key;
• that the framework must be overarching, clear in scope and easy to understand and apply;
• that individuals should have clear, effective rights and simple, low-cost means of exercising them;
• that organisations should be responsible and accountable; and
• that the data protection authorities in member states remain independent, have effective powers and the flexibility to apply those powers in their own country as they see most appropriate.
The ICO speaks up for information rights and exists to promote openness by public bodies and data privacy for individuals. It is intended to uphold information rights in the public interest. However, today’s information-based society needs a Data Protection framework which both addresses the ICO’s concerns in relation to poor data management and, at the same time, enables digital innovation. Again, what will be key will be that essential balance between the rights of private individuals and the responsibilities of business in their use of personal data.
This balance is currently under the spotlight in relation to the use by website operators of “cookies” which are capable of building up detailed profiles of website users as they surf the internet but whose existence and purpose is not at all understood by the majority of “ordinary” people. The key issue here is behavioural advertising; the commercial benefit from targeted advertising needs to be weighed against the rights of individuals to understand and consent to processing of their personal data online.