Feeds

Privacy watchdog urges stronger data protection in EU law review

Also calls for 'right to be forgotten' data-deletion right for citizens

Security for virtualized datacentres

Organisations that have lost personal data should be forced to disclose the data security breach, the European Union's privacy watchdog has said. Planned changes to EU privacy law do not go far enough, said the official.

The European Data Protection Supervisor (EDPS) Peter Hustinx has published an opinion urging the European Commission to extend the obligation to tell people when their data security has been compromised beyond current limits and has backed calls for a "right to be forgotten".

The Commission said in November that it would consider adopting a more wide-ranging security breach policy as part of a review of the Data Protection Directive.

A package of telecoms reform in 2009 contained the provision that telecommunications companies should inform subscribers if data is lost or stolen. The Commission is considering extending that requirement as part of its review.

Hustinx has urged the Commission to adopt the extension, saying that users of services have a right to know when data security has been compromised.

"Other data controllers are not covered by the [current] obligation. The reasons that justify the obligation fully apply to data controllers other than providers of electronic communication services," said the opinion (36-page/247KB PDF).

"The EDPS supports the introduction of a provision on personal data breach notification in the general instrument, which extends the obligation ... for certain providers to all data controllers," it said.

The EDPS analysis of the Commission's plans agreed with the problems the Commission had identified with the current law and backed its suggestions for improvements. But the EDPS "asks for more ambitious solutions to make the system more effective and give citizens better control over their personal data", according to a statement from his office.

"In an information society where huge amounts of personal information are constantly being processed, citizens need and expect to stay in control of their personal data," said Hustinx. "If we want to strengthen citizens' rights over their personal data, we need to ensure that individuals remain in control and that data controllers pro-actively include data protection in their business processes."

Hustinx said that the ongoing review of the Data Protection Directive should strengthen the rights of the subjects of data to know and control what information is held about them.

He said that in addition to the right to be informed of data security breaches they should have a 'right to be forgotten', meaning that they should be able to demand the deletion of information held about them by online service providers.

That proposal has proved controversial, since deleting information that is in the public domain is being seen by some as allowing the alteration of historical record.

The EDPS also backs a strengthening of rules to which organisations must adhere in order to stay within the revised Data Protection Directive.

"The new framework must contain incentives for data controllers in the public or private sector to pro-actively include new tools in their business processes to ensure compliance with data protection," said the EDPS statement. "The EDPS proposes the introduction of general provisions on accountability and 'privacy by design'."

Hustinx also said that national data protection authorities should be given greater powers as a result of the review, and that there should be more consistency between the way that the directive is implemented in the EU's 27 member states.

Copyright © 2010, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Security for virtualized datacentres

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Why Oracle CEO Larry Ellison had to go ... Except he hasn't
Silicon Valley's veteran seadog in piratical Putin impression
Big Content Australia just blew a big hole in its credibility
AHEDA's research on average content prices did not expose methodology, so appears less than rigourous
Bono: Apple will sort out monetising music where the labels failed
Remastered so hard it would be difficult or impossible to master it again
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.