EU Proposes Stricter Data Collection Rules

By John Wagley

The European Union (EU) yesterday issued a strategy paper aimed at strengthening the protection of personal data collected by social networking and other Web sites. The paper seeks to lay the foundation for a broad new legal framework that would update the EU’s key 1995 Data Protection Initiative.

New data collection rules are needed to keep up with developments in online and cloud-based services, according to the paper. The document comes after a year in which large tech firms such as Google and Facebook have faced growing criticism over their privacy policies, especially with regard to the collection of customers' personal data and the sharing of data with third parties such as online advertisers.

The document lays out key legislative goals, including limiting data collected on individuals to the minimum necessary. Consumers should also be clearly informed about when their data is collected, how it is shared, and how long it might be stored, according to the EU document. People also have the right to “be forgotten,” states the paper, when personal data is no longer needed or when consumers would like it to be deleted.

The document proposes strengthening the enforcement of data collection policies across the 27 EU member states. Other stated goals are to ensure a high level of protection for data transferred outside the EU and to simplify the process of international data transfers.

The EU is asking for comments on the policy proposal, with the comment period remaining open through January 15, 2011. It plans to introduce legislation in 2011. Any new law would have to be adopted by EU members and the European Parliament and then approved by individual governments.

Europe has generally taken a more regulatory, privacy-oriented stance on personal data collection compared to the United States, which has taken a more market-driven approach.

Among the data collection and privacy concerns that have come to the fore in recent months is the controversy surrounding Google’s unauthorized collection of personal data as a part of its Street View project. The company has faced criticism and investigations by several governments over its collection of personal data such as passwords and e-mail messages from open Wi-Fi networks. Google has repeatedly apologized for such collection and says it has taken steps to strengthen its internal privacy procedures.

Facebook has also faced criticism over data handling; in its case, the issue has been the sharing of user data with other sites. The company recently acknowledged that it had inadvertently shared some user data with a limited number of third-party companies. It has since taken technical and other measures to curb any further sharing.

The FTC has also said that it plans to introduce guidelines in the coming months to help clarify rules surrounding personal data collection, online advertising, and privacy policies.


PHOTO CREDIT: Steve Cadman/flickr/creative commons license

