EC COMMISSION PROPOSES STRENGTHENING EU DATA PROTECTION LEGISLATION

On 4 November 2010, the European Commission published a communication in which it set out its vision for the future of EU data protection legislation. The communication makes clear that the Commission is intending to propose new legislation in 2011. You can find the communication here. Notable points emerging from the communication include that the Commission is considering:

       introducing a ‘general principle of transparent processing’ aimed at ensuring that data controllers are more transparent as to how they are processing personal data;

 

       whether the definition of sensitive personal data should be expanded so that it includes for example genetic data;

 

       clarifying and strengthening the rules on consent so that it will be clearer when a data subject can be taken to have consented to processing of his or her personal data;

 

       extending powers of enforcement to civil society associations as well as other associations representing the interests of data subjects;

 

       strengthening existing sanctions for non-compliance, including providing explicitly for criminal sanctions in the case of serious violations;

 

       requiring data controllers to appoint independent data protection officers (subject to a recognition of the need not to overburden small enterprises);

 

       requiring data controllers to carry out data protection impact assessments in certain cases; and

 

       imposing new rules designed to strengthen, clarify and harmonise the status and powers of national data protection authorities.

PRIVACY BY DESIGN – NEW OPINION FROM THE EUROPEAN DATA PROTECTION SUPERVISOR

The European Data Protection Supervisor last week adopted a new opinion examining the question of how effectively to safeguard data protection and privacy rights in the fast-moving world of information technology. The central thrust of the opinion is that new information technologies themselves need to be developed in a way which protects personal data and privacy, rather than simply being subject to possibly ineffective control policies once they have been developed. This so called ‘privacy by design’ approach to developing new technologies is intended to build public trust in the information society.