You are currently browsing EDRi's old website. Our new website is available at https://edri.org

EDRI-gram

If you wish to help EDRI promote digital rights, please consider making a private donation.


Flattr this

logo

EDRi booklets

The Privacy Platform Meeting: Reding outlines the way forward

23 March, 2011
» 
|

This article is also available in:
Deutsch: Privacy Platform Meeting: Kommissarin Reding skizziert den Weg

On 16 March 2011, Sophie In't Veld's Privacy Platform met in the European Parliament to discuss the state of play for the review of the data protection directive.

The cross-party meeting was co-chaired by EU Parliament members from the EPP, S&D, ALDE, the Greens and GUE. Speakers at the event included Vice-President of the Commission responsible for justice, fundamental rights and citizenship Viviane Reding and Axel Voss, German EPP member responsible for the Communication on a comprehensive approach to data protection in the EU in the European Parliament.

Like most meetings which aim to tackle this massive Directive, it was difficult to narrow discussions and focus on concrete problems or possible solutions. However, there was an emphasis on fundamental rights from many speakers.

In her keynote speech, Ms. Reding said that data protection was her "top legislative priority", while still hinting at the idea that a Regulation could replace the existing Directive, at least in part. She plans to enhance control and build individual rights in four pillars:

1. The right to be forgotten. Individuals have the right to withdraw consent to data processing, and it will be up to the data controllers to prove the need to collect or retain personal data.

2. Greater transparency. For data subjects, the use, collection and retention of personal data must be made clear, intelligible, easy to understand and easy to find. She made particular reference to social networking services and children.

3. Privacy by default. The term is different from the vaguely defined but often cited Privacy by Design, which Reding says is more of a technical solution. "Privacy settings often require considerable operational effort in order to be put in place," she said, so these settings are not a reliable indication of true consent, adding that "this needs to be changed".

4. Data protection regardless of data location. The data subject will enjoy protection, independent of the geographical region where the data is being collected and processed, without exception for third-party providers.

On enforcement, she cautioned that the EU would not hesitate to take action against non-EU companies that broke EU rules on the collection and retention of data. She proposed the establishment of national privacy watchdogs to investigate non-EU data controllers. She declared that "a US-based social network company that has millions of active users in Europe needs to comply with EU rules".

Mr. Voss and Commissioner Reding seemed to have divergent views on data protection. Where Commissioner Reding understands these rights as fundamental principles each human being is granted under all circumstances, Voss often questions how far data protection laws should stretch. This was particularly apparent when discussing data protection for criminals and anonymity and pseudonymity on the web.

Ms. In't Veld brought up the "rubber stamping" of consent, urging that the revised Directive should address this adequately. Commissioner Reding agreed that consent without choice cannot be considered "consent". Ensuring true transparency and choice, she explained, is one of the components of Privacy by Default.

A Dutch Pirate from the audience asked the panel how it planed to realistically protect the data of EU citizens regardless of geographical location, citing the request by the US authorities to access the Twitter data of individuals who may be linked to Julian Assange, the founder of WikiLeaks. Ms. In't Veld said there would soon be a meeting in the LIBE Committee to address this issue explicitly.

Mr. Voss' working document will be published and presented in the committee on 11 April. The vote in the committee will follow on 24 or 25 May, and the plenary vote on 22 June 2011. In advance of this, the EPP Group in the European Parliament will hold a hearing on 31 March - the invitation explains that "nowadays, the debate seems to be narrowly focussed on the perspective of consumer protection and the safeguarding of a free internet. We think there is more to discuss!"

As for the finalised version of the Data Protection Directive, the Commission plans to deliver it sometime in summer of 2011.

EU privacy law will extend to US social networks, vows Commissioner (17.03.2011)
http://www.out-law.com//default.aspx?page=11824

Commissioner Reding's keynote speech, Your data, your rights: safeguarding your rights in a connected world (16.03.2011)
http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/11/183&...

EPP Hearing invitation
http://www.edri.org/files/epp_hearing.pdf

(contribution by Raegan MacDonald - EDRi)

‹ French DPA fines Google for its Street View case with 100k EuroupFrench ISPs explain why blocking is wrong ›
Printer-friendly version
 
Site by Floatleft.

Syndicate:

Syndicate contentCreative Commons License

With financial support from the EU's Fundamental Rights and Citizenship Programme.
eu logo