Europe Cares About Privacy, So You Must Too

. What's this?

By Scott Bradner

February 07, 2012Network World — In late January, the European Commission published a proposal "on the protection of individuals with regard to the processing of personal data and on the free movement of such data."

The commission also published an introductory statement about the proposal and a staff analysis of the impact of the proposal. The proposal is extensive, more than 100 pages covering every facet of the gathering, processing, movement and protection of data about people. In concept, the proposal does not differ all that much from the existing European approach to data collected by businesses about people. The principles are the same: get permission from individuals before you collect information about them, tell them what the information will be used for, only collect what you need, only keep it for as long as you need to, protect the information properly and do not give the information to someone who will not protect it.

But the new proposal adds some requirements and a lot of operational detail to these principles as well as some rather big teeth to be sure that the rules are followed. A company can be fined up to 2% of its worldwide cash flow for willfully disregarding the requirements.A

One apparent major addition, the right to be forgotten, is, in part, a clarification of the idea that since you have to have permission to collect information about someone, if they withdraw that permission you need to delete what information you have collected. It is hard to tell exactly how the nine paragraphs in Article 17 that describe the right to be forgotten will be interpreted when it comes to third parties such as search engines that just report on what information is out there. It is also hard to predict how these rules will be interpreted when it comes to public information such as criminal convictions. It seems like it would be a really bad idea to let someone erase that kind of history.

Even if the proposals are accepted as-is it will be at least two years before they could go into effect, so there is no immediate worry, other than the worry U.S. companies should already have about the existing EU privacy rules. If you work for one of these companies and you have not looked into the U.S. Department of Commerce Safe Harbor program, you should do so real soon.

Naturally, the first reaction from U.S. businesses is that the EC proposal would be a burden on business rather than something that would be good for Internet users.

Originally published on www.networkworld.com. Click here to read the original story.
What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?
RESOURCE CENTER