Have you ever wondered what happens to your personal data when you set up a profile on a social networking site, open a bank account or share photos online? How and by whom is this data used? How do you go about permanently deleting profile information on social networking websites?

With the precise objective of addressing such issues, the European Commission recently embarked upon a strategy to strengthen current EU rules on data protection in order to ensure that the protection of an individual’s data is guaranteed in all policy areas. This means that social networking sites and online advertising firms might soon need to pull their act together in order to ensure that any private data collected from internet users is treated with the utmost respect.

Current EU rules on data protection and e-privacy already guarantee a considerable amount of protection. Nonetheless, the Commission has deemed that the time is ripe to update the current rules in order to ensure that technological developments in the online industry as well as new habits being adopted by consumers both at a social and at a retail level are being catered for.

Furthermore, the Commission has expressed its intention to ensure the protection of personal data in all policy areas, that is, including data retained for law enforcement purposes or for banking purposes. This would mean that personal information held by the police and criminal justice authorities or by the financial services industry would also be protected.

The main objective of the Commission’s strategy is to ensure that people are aware of what happens to the information which they share with companies, public authorities and social networking sites. In line with the envisaged new rules, holders of personal information, such as internet service providers or search engines, would have to reveal who is collecting data and for what purpose. The strategy also emphasises the need to introduce the right for individuals to request that their personal data is completely obliterated once it has served its original purpose.

As the current EU rules stand, only telecommunications companies are obliged to inform consumers if their personal details are unlawfully accessed, altered or destroyed by unauthorised persons. The Commission is now considering extending such an obligation to other sectors, such as the financial industry.

To ensure that personal data is adequately protected when transferred and processed outside the EU, the Commission is also intent on improving, strengthening and streamlining the current procedures for international data transfers. A third country must ensure an “adequate” level of protection of personal data in order for personal data to be transferred from the EU to that third country. Companies established in the EU will therefore only be able to send personal information outside the EU if the recipient is in a country offering a similar level of data protection.

Behavioural advertising, that is, the use by advertisers of an individual’s browsing history to send out adverts, has also been targeted by the Commission as a practice which requires stricter regulation. The EU’s ePrivacy Directive already makes provision for internet companies to inform users when their data is being downloaded. Indeed, the strict approach being adopted by the Commission has not been well received by Internet companies which insist that the matter has already been sufficiently regulated by the EU’s ePrivacy Directive.

The strategy also has the objective of ensuring a level playing field across Europe. Currently, EU countries do not implement data protection rules in a harmonised manner so that a multinational company operating in several member states could be subjected to different legal requirements depending on the state in question.

There is also a lack of clarity as to which country’s rules apply in defined circumstances. Such a stance serves as an obstacle to conducting business across EU borders. The new rules will ensure that multinational companies would only have one set of rules to contend with thus ensuring the free flow of data across EU borders.

Stakeholders and the public now have until anuary 15, 2011 to make their own views heard on the course of action outlined above. Following such a consultation period, the Commission will then proceed to publish new legislative rules, which will eventually be negotiated and adopted by the European Parliament and the Council of Ministers.

Statistics prove that a single social network service nowadays enjoys half a billion users on a worldwide basis. There is no denying that both individuals and enterprise stand to benefit from the ever increasing attraction of individuals towards the use of online products and services. Nonetheless, to my mind, such developments must not take place to the detriment of the necessary protection which ought to be afforded to the personal data of each and every one us. The move being considered by the Commission can only be considered as a step in the right direction.

mariosa@vellacardona.com

Dr Vella Cardona is a practising lawyer and a freelance consultant in EU, intellectual property, consumer protection and competition law. She is also a member of the National Commission for the Promotion of Equality.

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.