Tuesday, January 24, 2012

'right to be forgotten'

http://blogs.wsj.com/tech-europe/2012/01/23/reding-details-sweeping-changes-to-e-u-data-laws/

Wall Street Journal blog

Reding Details Sweeping Changes to EU Data Laws

Reding: Companies must report data losses within 24 hours.

MUNICH — European Commission proposals over the strict handling of data will give European companies a competitive advantage in the world, said EU Commissioner Viviane Reding.

“Personal data is the currency of today’s digital market,” the European commissioner for justice told delegates at the DLD conference in Munich. “And like any currency, it needs stability and trust. Only if consumers can ‘trust’ that their data is well protected, will they continue to entrust businesses and authorities with it, buy online, and accept new services.”

In a bill to be published Wednesday, Ms. Reding aims to reform comprehensively European data regulations, eliminate red tape and save €2.3 billion in costs. Her proposals would see a pan-European regulation, replacing the existing patchwork of 27 national codes, as well as giving citizens the right to control their data, including the right “to be forgotten.”

“A company will have to comply with one law for the whole of the EU territory. It will only have to deal with one single data protection authority. It will be the data protection authority of the member state in which the company has its main establishment. It will not matter anymore which data protection authority deals with a case. All data protection authorities in whatever EU country will have the same adequate tools and powers to enforce EU-law.”

She calls for the establishment of clear rules for international data transfers.

“It seems odd that data held by a European company is adequately protected whilst it is inside the borders of the European Union, but not when it is transferred to a different part of that same company in Asia or South America.

“In the Internet age, data protection laws need to take account of this global dimension. If they only focus on the activities of a company within a given country, they will not reflect reality.

“I therefore want to improve the current system of binding corporate rules to make these exchanges less burdensome and more secure.”

Ms. Reding outlined her proposals for how European citizens would be able to control their data.

“First, people need to be informed about the processing of their data in simple and clear language. Internet users must be told which data is collected, for what purposes and how long it will be stored. They need to know how it might be used by third parties. They must know their rights and which authority to address if those rights are violated.

“Second, whenever users give their agreement to the processing of their data, it has to be meaningful. In short, people’s consent needs to be specific and given explicitly.

“Thirdly, the reform will give individuals better control over their own data. I will include easier access to one’s own data in the new rules. People must be able to easily take their data to another provider or have it deleted if they no longer want it to be used.”

This last point includes the controversial “right to be forgotten,” which some commentators have seen as an attempt to change history. What Ms. Reding proposes is that any data a user has given to a site should be able to be recalled. She stressed that it was not about deleting content from archives.

“The right to be forgotten is of course not an absolute right. There are cases where there is a legitimate and legally justified interest to keep data in a data base. The archives of a newspaper are a good example. It is clear that the right to be forgotten cannot amount to a right of the total erasure of history. Neither must the right to be forgotten take precedence over freedom of expression or freedom of the media.”

And in a clear swipe at the tardiness with which some companies have delayed informing users of breaches of their data, Ms. Reding’s proposals would require companies that suffer a data leak to inform the data protection authorities and the individuals concerned, and they must do so without undue delay.

“As a general rule, without undue delay means for me within 24 hours,” she said.
