According to the Commission, the current Data Directive – which was issued in 1995 – requires reformation following drastic changes in the ways individuals’ data is now being collected and used, particularly online. The Commission’s formal Communication to the European Parliament, which contains its outline for proposed changes, specifically cited social networks and online advertising companies.
“Social networking sites, with hundreds of millions of members spread across the globe, are perhaps the most obvious, but not the only, example of this phenomenon,” said the Communication, adding, “Ways of collecting personal data have become increasingly elaborated and less easily detectable…. Both the proliferation of actors involved in the provision of behavioral advertising and the technological complexity of the practice make it difficult for an individual to know and understand if personal data are being collected, by whom, and for what purpose.”
The Commission has therefore proposed laws giving individuals greater access to – and control of – the data that is held on them by organizations, as well as the ability to entirely delete that information. “The Commission will examine ways of clarifying the so-called ‘right to be forgotten,’ i.e. the right of individuals to have their data no longer processed and deleted when they are no longer needed for legitimate purposes,” it said.
The Commission also questioned what constitutes user consent for the collection of online data, echoing the discussions currently being held around the revised e-Privacy directive regarding the placing of cookies on users’ machines. “Clarification concerning the conditions for the data subject’s consent should therefore be provided, in order to always guarantee informed consent and ensure that the individual is fully aware that he or she is consenting, and to what data processing,” it said.
In a press release announcing the revision plans, European Commission Vice-President Viviane Reding, EU commissioner for justice, fundamental rights and citizenship, said, “The protection of personal data is a fundamental right. To guarantee this right, we need clear and consistent data protection rules. We also need to bring our laws up to date with the challenges raised by new technologies and globalization.”
The Commission is now calling on stakeholders and the public to comment on the proposals until 15 January 2011, after which it will present proposals for a new general data protection legal framework in 2011. Those proposals will then need to be negotiated and adopted by the European Parliament and the Council, before they are implemented locally by EU member states.
The Commission said it will also examine other measures, such as encouraging awareness-raising campaigns on data protection rights and possible self-regulation initiatives by industry bodies.