A report backed by the outgoing UK data privacy watchdog Richard Thomas has called for European legislation to be revised because the 1995 EU Data Protection Directive is flawed and needs to be updated.
Sponsored by The Information Commissioner’s Office, the Review of the European Data Protection Directive has outlined nine recommendations on how the law can remain valid in the face of new challenges.
“Although the flexibility of the Directive helps it to remain current, its effectiveness is undermined by the complexity of the cultural and national differences across which it must operate,” the report states.
The view is that increased globalisation, the ongoing march of technological capability and the changing ways that personal data is used need to be addressed by the legislation.
“The personal data agenda has become more acute. Data sharing and biometrics are increasingly regarded as valid tools for combating serious crime and international terrorism, and the creation of extensive databases of fingerprints is planned for the near future. Identity cards for the general public containing electronic fingerprints are already being rolled out in some countries, with several more planning to deploy such systems.”
Commissioned to examine the strengths and weaknesses of the European Data Protection Directive, the aim behind the study was to propose avenues for improvement.
Among its recommendations, the report proposes that the law should be clear about the outcomes it seeks; there should be stronger focus on the accountability of all organisations for safeguarding the information they handle; a more strategic approach to enforcement is needed; and improved arrangements are needed for the export of personal data outside the European area.
Richard Thomas said, “The Directive is showing its age. Modern approaches to regulation mean that laws must concentrate on the real risks that people face in the modern world, must avoid unnecessary burdens, and must work well in practice.”
The report also noted that the way individuals are creating, using and storing personal data is contributing directly to how these factors play out.
Large amounts of personal data are now stored on mobile phones, and social networking sites. Phones are now used as location-aware devices and interfaces to payment systems. Individuals can become publishers permitting audio-visual recording of personal data to be collected and transferred to the internet for limitless onward transfer and persistent storage. Web 2.0 technologies can also enable business activities such as behavioural advertising, which targets customers based on an in-depth understanding of their online browsing habits.
“This study is not meant to be an immediate blueprint for a new Directive. But we are hoping that its recommendations will stimulate debate and to encourage people to think about what 21st century data protection law should look like,” Thomas said.
The House of Commons Justice Committee has endorsed Christopher Graham’s appointment as the next Information Commissioner when Richard Thomas retires in June 2009.
Soon after the ICO requested this review, the European Commission apparently went on to publish its own request for a similar study.