Updating the EU Data Protection Directive

Dr Ian Brown, Oxford Internet Institute Where next for European data protection law?

New challenges and potential responses
Explosion in storage, comms & processing
Risk intolerance & efficiency, personalisation
Jurisdiction
Enforcement
Web 2.0
Streamline and move forward focus of regulation
Privacy by design
Couple wider exemptions for individuals with intermediary protections

Shift focus of regulation
Most organisations process small amounts of personal data for commonplace purposes - Best Available Techniques?
Privacy Impact Assessments and more prior checking for large-scale databases with potential to cause significant harm

Human rights standards
Interference with private life must be based on detailed, clear, precise, foreseeable law ( Copland v UK )
Systems must limit access to data to those who have a proportionate requirement for access ( I v Finland )
Bleeding-edge states have a particular duty to consider impact of databases upon privacy ( S & Marper v UK )
Only 5 of 46 major UK government databases we reviewed met these standards
R Anderson, I Brown, T Dowty, P Inglesant, W Heath & A Sasse (2009) Database State , Joseph Rowntree Reform Trust

Designing for privacy
Data minimisation key: is your data really necessary? Limit personal data collection, storage, access and usage
Users must also be notified and consent to the processing of data
Ade Rowbotham (2005)

Individuals ≠ data controllers
How sustainable is Lindqvist?
Can we widen domestic processing exemption…
… alongside better privacy protection by infomediaries?
Nudges?
Expedited temporary restrictions on sharing?
L Edwards & I Brown (2009) Data Control and Social Networking: Irreconcilable Ideas? In Matwyshyn, A. (ed.) Harboring Data: Information Security, Law and the Corporation, Stanford University Press

Updating the EU Data Protection Directive

by Ian Brown on Jun 13, 2009

Accessibility

Categories

Upload Details

Usage Rights

1 Embed 35

Statistics

Updating the EU Data Protection Directive — Presentation Transcript