The new Data Protection Directive of the EU: a closer look

A look at the proposals for the EU’s Data Protection Directive.

The ‘ownership’ of personal data is a hot topic, certainly in this ‘social’ day and age. Recent data issues at some of the newest social phenomena, such as Pinterest, further spark the debate on data protection and privacy.

It has become a daily debate and goes beyond social networks such as Facebook, online companies such as Google and online advertising practices such as behavioural targeting.

Data protection and privacy come into play in many areas. Sometimes it’s easy to work out who owns something; you walk into a shop, hand over some money and walk out with some goods. There is a clearly defined moment when ownership of the goods passes from the shop to you.

But ownership is often unclear, and nowhere more so than with our so-called “personal data”. Information about each and every one of us sits on countless databases; who we are, where we’ve been, what we’ve bought, what we’ve been doing, when we’ve been doing it and with whom. Our personal rights about our personal data are governed by a set of rules drawn up in 1995, several lifetimes ago in the internet age.

So the EU is drawing up a new Data Protection Directive that will change the lives of every individual and company in Europe and is aimed at building greater trust in online dealings (both commercial and social).

Some of the proposals in the Data Protection Directive

  • A right to be forgotten. The Directive will mean that individuals own their data and companies only borrow or rent it, meaning that individuals will be able to tell companies to delete all the data they have about them. There will also be the right of “data portability” – the ability for individuals to move data from one organisation to another.
  • New rules on data breaches. Organisations will have to tell customers if their information has been obtained by hackers, usually within 24 hours.
  • Significant fines. Data breaches, or failure to comply with the new Directive, could see organisations fined up to two per cent of their annual global turnover.
  • A single set of rules. There will be consistency across all EU member states (and these rules extend to EU-based organisations handling EU citizen data abroad). This should encourage more cross-border commerce as individuals will have a guarantee about the security of their data. It will also make it easier for pan-European companies, who currently have to comply with multiple sets of regulation.
  • Data Protection Officers. Companies with more than 250 employees will have to appoint someone to ensure they comply with the regulations.

Some of the major players have already been tightening up their privacy rules but these proposals (expected to come into effect in 2014) are far more sweeping, will be costly to implement and even costlier NOT to implement.

What do you think? Share your thoughts by commenting below or joining the conversation in the BT Let’s Talk LinkedIn Group.
