Can data protection regulation ever keep pace with technological change?
Jonathan Bamford, Assistant Information Commissioner
Are our DP laws stuck in time?
• OECD Privacy Guidelines 1980
• Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No 108), 28 January 1981, and Protocol (ETS No 181)
• What did information handling look like back then?
• PCs… Internet… mobile communications… CCTV… RFID?
Are our DP laws stuck in time?
• UK Data Protection Act 1984
• European Union Directive 95/46/EC
• UK Data Protection Act 1998
• Even since then there have been substantial changes in personal information handling
All have a similar set of core standards
UK DPA 1998 requires personal data to be:
• processed fairly and lawfully
• obtained only for specified and lawful purposes and further processed only in a compatible manner
• adequate, relevant and not excessive
• accurate and up to date
• kept for no longer than necessary
• processed in accordance with the rights of data subjects
• kept secure
• transferred outside the EEA only if there is adequate protection
Are these standards still relevant today?
• ICO Research 2004: “Public attitudes to deployment of surveillance techniques in public places”
• Chose privacy rules almost same as the DP Principles
• IC commissioned research with Small and Medium Sized Enterprises in 2004
• 73% think DP principles are good for business
• 91% agree that privacy is important to customers
Moves to particularise
• European Union Directive on Privacy and Electronic Communications, 02/58/EC
• UK Privacy and Electronic Communication Regulations
Constitutionalisation of DP
• Articles 7 & 8, Charter of Fundamental Rights of the European Union, Nice, 7 December 2000
• Proposed EU Constitution
Areas of wear and tear
• Definitions (personal data, transfers, personal use) arising from the Durant and Bodil Lindqvist cases
• Better regulatory powers to deal with telemarketing/spam
• Need for proactive tools such as audit/inspection and privacy impact assessments
The challenge for DP regulators
• Make sure the existing requirements are understood (lessons of ICO ‘Make Data Protection Simpler’ project)
• Work together to clarify and enforce
• Be proactive
• Make sure we have the right tools for the job
Conclusions
• The core of the existing law is still relevant and effective
• Some of the defining terms are struggling to keep pace
• Better tools are needed to deliver compliance
Any Questions?
Information Commissioner, Wycliffe House, Water Lane, Wilmslow SK9 5AF, United Kingdom
Switchboard: 01625 545 700
Helpline: 01625 545 745
Email: mail@ico.gsi.gov.uk
www.informationcommissioner.gov.uk