The European Commission has vowed to simplify rules on data protection and is considering establishing a voluntary register for companies in non-E.U. countries that agree to abide by the region's data protection standards.
“The current lack of harmonization on data protection at European Union level comes at a huge cost and is detrimental to everyone, companies and citizens alike,” said Justice Commissioner Viviane Reding on Wednesday, adding that she plans to harmonize rules across the E.U. and clarify which law applies to a company active in several member states.
This is good news for businesses. She also vowed to cut “excessively bureaucratic, unnecessary and ineffective” notification requirements, while at the same time saying she wants to introduce a mandatory data breach notification requirement, for all sectors: banking data, data collected by social networks or by providers of online video games.
Echoing an opinion taken by the Article 29 Working Group (an independent data watchdog) earlier this week, the Commissioner also agreed to designate geolocation information as private data. “Movements of citizens should not be tracked without their explicit consent. Storing location data may lead to betraying the location of users,” said Reding.
Movement of European citizens’ data outside the E.U. has also come under scrutiny. Currently, data transfers outside the European Union are allowed only to countries that ensure an adequate level of protection or if there is a standard contract between two companies on data safeguards.
“The key principle of E.U. data protection rules is that users have to give consent before their data is used. This information cannot be passed on without the user’s approval and companies cannot use it for purposes other than what was agreed. I am thinking about the creation of an E.U. mechanism for third country providers to voluntarily adhere to E.U. data protection rules. Such a mechanism would be possibly linked to certification and with guarantees for auditing and enforcement,” explained Reding.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.