Privacy Watchdogs Repeat Call For Data Breach Notification Law

Europe's privacy watchdogs have reiterated their demand for a data breach notification law and have said that a proposed new clause in an EU Directive could threaten computer users' privacy.

The Article 29 Working Party is a committee of data protection and privacy commissioners from the European Union's 27 member states. It has published a revised opinion on changes being planned to the Privacy and Electronic Communications Directive.

Alterations to the Directive are being negotiated between the European Commission, the European Parliament and the Council of Ministers, who are all yet to agree on exact changes.

The Working Party said that it strongly backed the Parliament's position that companies which provide services on the internet should go public if they lose people's personal data. The Commission and Council's plans only extend to telecoms companies.

The Working Party had called for a wider breach notification requirement in two previous opinions on proposed amendments to the Directive, issued in 2006 and 2008.

"Breach notifications may become an important tool for Data Protection Authorities to increase focus and effectiveness when enforcing the obligation of service providers to take appropriate security measures," it said in this month's opinion. "The Working Party strongly supports an extension of the scope of the obligation to Information Society Services."

"An extension of personal data breach notifications to Information Society Services is necessary given the ever increasing role these services play in the daily lives of European citizens, and the increasing amounts of personal data processed by these services. Online transactions including access to e-banking services, private sector medical records and online shopping are few examples of services that may be subject to personal data breaches causing significant risks to a large number of European citizens," it said.