Feeds

EU privacy watchdog laments weakened privacy proposals

Council of ministers 'watering down' protection

Securing Web Applications Made Simple and Scalable

The European Union's Council of Ministers has weakened proposals to overhaul EU privacy laws and left people with fewer protections for their personal information, the privacy watchdog for EU institutions has warned.

The European Data Protection Supervisor (EDPS) has said that the Council's revisions to European Parliament and Commission plans to update electronic privacy law leave citizens less protected than before. "In quite a few cases [Parliament and Commission] amendments offering safeguards to the citizens are deleted or substantially weakened," said the EDPS opinion. "As a result, the level of protection offered to individuals in [the Council-amended version of the plans] is substantially weakened."

The European Commission's Privacy and Electronic Communications (PEC) Directive is under review, a process which has involved the Council amending proposals made by the Commission and the Parliament.

EDPS Peter Hustinx said that he had made suggestions about how privacy rights could be strengthened, and that not only had they been ignored but the Council had watered down existing plans.

The EDPS ensures that EU bodies comply with data protection law and provides advice on privacy and data protection issues.

The new revisions to the PEC Directive include the creation of a security breach notification law, which would force companies which lose personal information to make that loss publicly known.

In an opinion last year, Hustinx said that the application of this should be extended beyond the planned telecoms service providers and should also apply to those providing services over the internet.

"Citizens will expect such a system to apply not only to their Internet access providers, but also to their on-line banks and on-line pharmacies," he said. "The full benefits of security breach notification will be best realized if the legal framework is set right from the outset. To this end, the Parliament and the Council will need to meet the challenge of determining the proper standard setting forth the conditions for notification and ensuring that the appropriate processes are put into effect."

Hustinx also backed the Parliament's proposal that gives consumers associations the ability to take action against organisations that breach the Directive's provisions.

One area in which Hustinx disagrees with all three EU bodies is in the plan to collect and monitor internet traffic for security purposes. The EDPS said that this was "unnecessary".

"In the EDPS view, such a provision may be subject to risk of abuse, especially if adopted in a form that does not include the necessary data protection safeguards," said an EDPS statement.

See: The opinion (20-page/35KB pdf)

Copyright © 2008, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Application security programs and practises

More from The Register

next story
ONE EMAIL costs mining company $300 MEEELION
Environmental activist walks free after hoax sent share price over a cliff
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold
Ministry of Fun confirms: Yes, we're busy doing nothing
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
Apple smacked with privacy sueball over Location Services
Class action launched on behalf of 100 million iPhone owners
UK.gov's Open Source switch WON'T get rid of Microsoft, y'know
What do you mean, we've ditched Redmond in favour of IBM?!
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.