- Privacy Commissioners adopt Privacy by Design resolution
- Commissioners accept FTC and Mexico as new members
- EU publishes its plans for revision of the Data Protection Directive
1. Privacy Commissioners adopt Privacy by Design resolution
The International Privacy Commissioners’ conference adopted a resolution in Israel last week which stresses the importance of Privacy by Design – embedding privacy into new technologies right from the beginning. The resolution:
- Recognises Privacy by Design as an essential component of fundamental privacy protection;
- Encourages the adoption of Privacy by Design to establish privacy as an organization’s default mode of operation;
- Invites Data Protection and Privacy Commissioners/Authorities to promote Privacy by Design in their jurisdictions.
The resolution was proposed by Ontario’s Privacy Commissioner, Dr Ann Cavoukian, who has for long been promoting the concept.
2. Commissioners accept FTC and Mexico as new members
The Privacy Commissioners’ International Conference last week accepted the US Federal Trade Commission (FTC) and the Mexican Federal Institute for Access to Information and Data Protection as new members.
The commissioners say that the FTC now has such authority and independence that are requirements for membership. The US application was not successful at last year’s conference, but since then, the FTC has started an enquiry into privacy and engaged in further talks with the EU Data Protection Commissioners.
Mexico, which adopted its Data Protection Act in April 2010, (PL&B International June 2010 p.1) will host the Commissioners’ International Conference in 2011.
3. EU publishes its plans for revision of the Data Protection Directive
The EU Commission on 4 November published a communication that outlines its aims and objectives for the revision of the EU Data Protection Directive. The Commission says that some of the specific challenges to be addressed relate to new technologies, and also address globalisation and international data transfers.
Key objectives are to:
- Strengthen individuals' rights
- Increase transparency for data subjects, for example, by introducing mandatory personal data breach notification
- Enhance data controllers' responsibility by making the appointment of an independent Data Protection Officer mandatory
- Include in the legal framework an obligation for controllers to carry out a data protection impact assessment where appropriate, and promote the use of Privacy Enhancing Technologies and implementation of Privacy by Design
- Enhance individuals’ control over their data including the so-called ‘right to be forgotten’
- Raise awareness
- Ensure informed and free consent
- Harmonise the conditions for processing sensitive data
- Make remedies and sanctions more effective
- Clarify and simplify the rules for international data transfers
- Encourage self-regulatory initiatives.
The Commission welcomes feedback on these issues. It will propose legislation in 2011.
See the Communication (Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions: A comprehensive approach on personal data protection in the European Union) at http://ec.europa.eu/justice/news/consulting_public/0006/com_2010_609_en.pdf
These proposals will be discussed in detail at the Privacy Officers Network Meeting Roundtable with Christopher Graham, the United Kingdom’s Information Commissioner, on 27th January 2011 in London. This will be the ideal opportunity to share your views with him as an input into the consultation process.
Host: Latham & Watkins. Registration at www.privacylaws.com/epon_29
For further details on the Privacy Laws & Business International Newsletter, please click here.
Copyright Privacy Laws & Business 2010