The European Commission has issued a draft Communication to the European Parliament and the Council setting out how it intends to approach revising the legal framework for protecting personal data.
The strategy includes:
1. The need to clarify how the data protection principles apply to new technologies (for example, cloud computing).
2. The Commission's aim to require social-networking sites and behavioural-advertising businesses to seek explicit consent from users before downloading their personal data, and the necessity to make it possible for personal data to be permanently deleted. Although the Commission did not name any specific companies, the widely used Facebook networking site does not allow a user to delete all their profile details from the company's servers, even if they have deactivated their profile.
3. The need to increase harmonization between data protection laws of the EU Member States and simplify the mechanisms for cross-border data transfers.
4. The need to ensure more effective enforcement by local data protection authorities in each EU Member State.
5. The need to strengthen the rules around consent and the need to improve privacy notices to ensure “informed consent”. This looks like it may include stating more clearly what information privacy notices should contain (possibly introducing EU model “privacy information notices”) and how they should be made available to individuals, especially children.
6. Consideration of the need for mandatory data protection risk assessments, breach notification and appointment of a Data Protection Officer.
7. Consideration of whether new categories of “Sensitive Personal Data” need to be included.
See: http://ec.europa.eu/justice/news/intro/news_intro_en.htm#20101104 for further information.
The Commission has asked for consultation responses on the review’s proposals by 15 January 2011.