1 / 11

Can data protection regulation ever keep pace with technological change?

Can data protection regulation ever keep pace with technological change?. Jonathan Bamford Assistant Information Commissioner. Are our DP laws stuck in time?. OECD Privacy Guidelines 1980

buck
Download Presentation

Can data protection regulation ever keep pace with technological change?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Can data protection regulation ever keep pace with technological change? Jonathan Bamford Assistant Information Commissioner

  2. Are our DP laws stuck in time? • OECD Privacy Guidelines 1980 • Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No 108) 28 January 1981 & Protocol (ETS No 181) • What did information handling look like back then? • PC’s…Internet…mobile communications…CCTV… RFID?

  3. Are our DP laws stuck in time? • UK Data Protection Act 1984 • European Union Directive 95/46/EC • UK Data Protection Act 1998 • Even since then there has been substantial changes in personal information handling

  4. All have a similar set of core standards UK DPA 1998 requires personal data to be • processed fairly and lawfully • obtained only for specified and lawful purposes and further processed only in a compatible manner • adequate, relevant and not excessive • accurate and up to date • kept for no longer than necessary • processed in accordance with the rights of data subjects • kept secure • transferred outside the EEA only if there is adequate protection

  5. Are these standards still relevant today? • ICO Research 2004-“Public attitudes to deployment of surveillance techniques in public places” • Chose privacy rules almost same as the DP Principles • IC commissioned research with Small and Medium Sized Enterprises in 2004 • 73% think DP principles are good for business • 91% agree that privacy is important to customers

  6. Moves to particularise • European Union Directive on Privacy and Electronic Communications- 02/58/EC • UK Privacy and Electronic Communication Regulations

  7. Constitutionalisation of DP • Articles 7 & 8 – Charter of Fundamental Rights of the European Union – Nice, 7 December 2000 • Proposed EU Constitution

  8. Areas of wear and tear • Definitions- personal data, transfers, personal use- arsing from Durant and Bodil Lindqvist cases • Better regulatory powers to deal with telemarketing/spam • Need for proactive tools such as audit/inspection and privacy impact assessments

  9. The challenge for DP regulators • Make sure the existing requirements are understood (lessons of ICO ‘Make Data Protection Simpler’ project) • Work together to clarify and enforce • Be proactive • Make sure we have the right tools for the job

  10. Conclusions • The core of the existing law is still relevant and effective • Some of the defining terms are struggling to keep pace • Better tools are needed to deliver compliance

  11. Any Questions? Information Commissioner Wycliffe House Water Lane Wilmslow SK9 5AF United Kingdom Switchboard. 01625 545 700 Helpline. 01625 545 745 Email. mail@ico.gsi.gov.uk www.informationcommissioner.gov.uk

More Related