1995 seems light years away, at least in technological terms. That year we saw the launch of Windows 95 to the tune of the Stones' Start Me Up. We also experienced the first deployment of javascript as well as the announcement of a new optical disc storage media format, the DVD.
Fifteen years ago Newsweek magazine had run a story titled 'The Internet? Bah!' basically underlining the fact that the internet is a complete waste of time. Well, that was 1995. Google was not yet conceived, no wifi and only 16 million people connected to the internet. We were still happy with our single speed CD-ROM drives, telex was still around and Web 2.0 was the realm of science fiction Hollywood blockbusters. Mark Zuckenberg, the founder of facebook, was eleven. Analog was still king.
1995 was also the year when the EU Data Protection Directive was introduced. Following substantial work which had already been done by the Council of Europe, Directive 95/46/EC enshrined our fundamental right to privacy and created the necessary legislative backdrop for the processing of personal data. It set the basic principles on how privacy could be protected and laid down the data protection commandments whilst also acting as an instigator to the further introduction of specific regulations dealing with the processing of personal data in sectors such telecommunications or the use of personal data by the police.
Back in 1995, the Data Protection Directive was an important milestone. Its technology neutrality approach stood the test of time but, in internet terms, is a law introduced in 1995 nothing more than an ancient text? Perhaps.
Our world has changed a lot in 15 years, not only in technological terms but also in light of other issues such as globalisation and the rise of terrorism. Analog is dead. Google is king. Web2.0 is almost already passe' and a film camera is a collector's item. Social networks are the norm and anyone who has no facebook account is a spider living on Mars.
Following a review initiated in 2009, the European Commission earlier this month, launched an effort to bring our data protection laws into today's digital world, setting out a strategy to bring data protection up to date with the various challenges raised by new technologies that surround us and have factually become ubiquitous. The European Commission has also launched a public consultation exercise with a view to propose refreshed legislation sometime in 2011.
Modernising our present data protection legislative frameworks will, amongst other issues, focus on regulating in a more effective way our online personas and the way personal data is being processed through the myriad of online applications that we constantly consume. The legislative revision will also address issues such as reducing red tape vis-à-vis the flows of personal data both between Member States but also in relation to data being transferred abroad. A revision of rules relating to data protection in the areas of police and security matters as well as a rethink of data retention rules is also on the table.
Whilst the core principles of Directive 46/95/EC remain valid, a more comprehensive and coherent approach was felt required in order to reflect technological and social changes. Broadband internet, user-generated content and social network are only a few issues which have changed our data protection landscape. Whilst the EU is in no way rejecting technological change, it needs to ensure that the privacy of individuals is protected whether we are addicted to social networks or depend on cloud computing.
Control over one's own personal data is one of the key elements instigating this legislative revision. The advancements in technology have meant that we were slowly but surely losing control of our own personal data. This does not mean however that social norms have changed so much that one should consider the concept of privacy 'dead'. We leave those statements to Mark Zuckenberg.
Our laws need to ensure, today more than fifteen years ago, that we can be in control of our own personal data irrespective of the applications we use in an online environment especially when data is being processed about us in ways we never considered possible.
The European Commission is also stressing on the "right to be forgotten" so that individuals should have a right to have any data relating to them totally removed when it is no longer required for the purposes it was collected. This is especially relevant to social networking sites whereby users should have a legal right to have all data, including photos, completely removed should they wish so. The same applies for behavioural advertising and users should be more aware of what is happening behind the scenes especially when search engines become more powerful and our browsing history enables online retailers to provide us with more personalised search results. What the Commission is trying to achieve with the revised legislation is seamless, consistent and effective protection.
Apart from revised laws, the European Commission is also considering a whole array of non-legislative measures such as campaigns raising awareness, self-regulation as well as the possibility of EU certification schemes.
Surely, strengthening our right to privacy and increasing data transparency should remain at the very centre of any data protection legislative review with special attention to the specific areas which require further attention such as data relating to children as well as sensitive data such as medical information or political opinions. Let's just hope that after this process is concluded we shall all feel a little bit safer when spending time attending to our social network account.
No comments:
Post a Comment