The European Commission is planning to beef up the Data Protection Directive, strengthening the enforcement of the EU law and including introducing new demands that technologies and processes include 'privacy by design'.
The Directive is implemented in the UK by the Data Protection Act and governs the use that can be made of people's personal data.
EU Information Society and Media Commissioner Viviane Reding said in a speech yesterday that the Commission would soon publish plans to revise the Directive. The Commission has been conducting a consultation on the law.
"I can tell you that most responses [to that consultation] call for stronger and more consistent data protection legislation across the Union," she said. "We need to clarify the application of some key rules and principles, such as consent and transparency, in practice."
"We need to ensure that personal data are protected regardless of the location of the data controller [and] promote Privacy Enhancing Technologies (PETs), by introducing new evolving principles, such as ‘privacy by design’," she said.
Reding also spoke of the need to strengthen the enforcement of the Directive and to extend it into the areas of policing for which the EU has responsibility.
The Directive was passed in 1995 but Reding said that it is time for an update. "The world has changed and keeps changing since 1995," she said. "The EU has to lead the world when it comes to protecting personal data. As such the EU will have to provide a robust legal instrument to respond to the challenges posed by the rapid development of new technologies and by evolving security threats."
"The demand for personal data continues to grow massively, and so should our determination to reinforce the rights of individuals over the use of their personal data," she said.
Reding said that 'privacy by design' was an approach to developing products and services which involved considering data protection at the earliest stages of development, and was a process that the Commission wanted to encourage.
"I have had many opportunities to see the impressive power of innovation of information society and the creation of exciting and promising new products and services," said Reding. "Unfortunately, privacy and the protection of personal data were not always a key ingredient at the early development stage of these products and services."
"Here we need a change of approach: businesses must use their power of innovation to improve the protection of privacy and personal data from the very beginning of the development cycle," she said. "Privacy by Design will lead to better protection for individuals, as well as to trust and confidence in new services and products that will in turn have a positive impact on the economy."
Information law expert William Malcolm of Pinsent Masons, the law firm behind OUT-LAW.COM, said that though some of the changes were welcome, reform of the Directive need not be major.
"I would be surprised if there was sweeping change to the Directive," he said. "The Commission has made it clear in the past that it has no current plans to undertake fundamental reform of the Directive's provisions."
"The Directive has been criticised in the past for being to mechanistic and for being unable to respond to new technologies, so it will be interesting to see what tweaks or other changes would have the effect the Commissioner is looking for," he said.
"Privacy by design and privacy enhancing technologies are important areas that many governments, regulators and organisations are doing work on," said Malcolm. "But implementing these concepts doesn't necessarily require legal change as much as change in culture and approach. Any legal reform that helps achieve these objectives is welcome, but law makers need to concentrate on how they can promote awareness and cultural change in these areas in order to have the desired effect."