Feeds

Privacy laws should be overhauled, says European regulator

Locks horns with Google

The Essential Guide to IT Transformation

Europe's top privacy regulator has said European privacy laws will need to be overhauled in just five years' time. He also said the rules governing which countries can be sent Europeans' data could be improved.

Speaking at a European think tank debate on privacy and featured in technology law podcast OUT-LAW Radio, European Data Protection Supervisor Peter Hustinx sparred with Google head of privacy Peter Fleischer, but agreed with him that European privacy laws overall will need re-examining in five years' time.

"I would expect that some five years down the road, we need to see some changes in the existing framework," said Hustinx, the European Data Protection Supervisor (EDPS). "Where? Not in the principles, although some parts perhaps need to be revisited, my emphasis would be we need more flexible arrangements to make it work better, to make it more effective."

Hustinx went on to say he would consider recommending the adoption of some principles from the framework published by the Asia Pacific Economic Co-operation body into European rules.

Fleischer went further in outlining why he thought European privacy rules were outdated.

"Data is flowing around the world all the time in ways that were simply unimaginable back in, lets just take 1980 as an example, when the OECD principles were first being promulgated. The amount of data that is flowing across borders today, a quarter century later, is millions, millions of times greater than it was then.

"The internet, I think, is the most fundamental revolution in data collection and data transfer since the development of the printing press. If the most fundamental revolution in the last 500 years is not going to present some challenges to traditional notions of data protection I do not think we are challenging ourselves to think things through."

Both men agreed that the rules governing the transfer of data out of the EU needed work. They say data can only be transferred to countries with as thorough privacy protections as the EU, in which case that country is deemed "adequate".

Fleischer pointed out that a simple credit card transaction passed through six or seven countries and that the standards set by Europe were extremely unlikely to be met by most of the world's countries.

Hustinx, who is charged with overseeing European agencies' transfers of data outside the EU, agreed there were some problems with the adequacy regime.

"We need to revisit the general legal framework," said Hustinx. " I agree with Peter Fleischer when he says that the mechanism of adequacy findings is probably too cumbersome, but this is what we have now.

"We probably can do better. We need to make sure that we build in more global privacy into these European frameworks.".

Fleischer and Hustinx have been locked in a battle this year over the retention of identifying information linking people to their Google search engine queries. Google reduced the time for which it keeps this data from an indefinite period to 18 months, claiming it is required to by the EU's Data Retention Directive, which orders telecoms firms to keep call log data.

"That Data Retention Directive does not apply to content like searching behaviour on the net," said Hustinx. "It does apply, to some traffic data in e-mail but in terms of internet browsing behaviour it is minimal indeed, so let us not be confused about this."

Fleischer said companies had to balance competing concerns. "Data retention obligations for companies are not just about the directives that we call data retention. Companies have to keep things for all kinds of other reasons, tax reasons, accounting reasons, because your customers like your advertisers might come back to you and say, 'Gee you just charged me €10,000 show me why'. You have to have records."

Fleischer did express confusion, though, about exactly what a company was supposed to do amidst the uncertainty. "Going forward, data retention: who knows?" he said. "Who knows how that is all supposed to work? And I do not mean to be flippant, I am actually trying to figure it out, being one of the people it is directed at."

Copyright © 2007, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.