Presentation on theme: "Can data protection regulation ever keep pace with technological change? Jonathan Bamford Assistant Information Commissioner."— Presentation transcript:
Can data protection regulation ever keep pace with technological change? Jonathan Bamford Assistant Information Commissioner
Are our DP laws stuck in time? OECD Privacy Guidelines 1980 Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No 108) 28 January 1981 & Protocol (ETS No 181) What did information handling look like back then? PCs…Internet…mobile communications…CCTV… RFID?
Are our DP laws stuck in time? UK Data Protection Act 1984 European Union Directive 95/46/EC UK Data Protection Act 1998 Even since then there has been substantial changes in personal information handling
All have a similar set of core standards UK DPA 1998 requires personal data to be processed fairly and lawfully obtained only for specified and lawful purposes and further processed only in a compatible manner adequate, relevant and not excessive accurate and up to date kept for no longer than necessary processed in accordance with the rights of data subjects kept secure transferred outside the EEA only if there is adequate protection
Are these standards still relevant today? ICO Research 2004-Public attitudes to deployment of surveillance techniques in public places Chose privacy rules almost same as the DP Principles IC commissioned research with Small and Medium Sized Enterprises in 2004 73% think DP principles are good for business 91% agree that privacy is important to customers
Moves to particularise European Union Directive on Privacy and Electronic Communications- 02/58/EC UK Privacy and Electronic Communication Regulations
Constitutionalisation of DP Articles 7 & 8 – Charter of Fundamental Rights of the European Union – Nice, 7 December 2000 Proposed EU Constitution
Areas of wear and tear Definitions- personal data, transfers, personal use- arsing from Durant and Bodil Lindqvist cases Better regulatory powers to deal with telemarketing/spam Need for proactive tools such as audit/inspection and privacy impact assessments
The challenge for DP regulators Make sure the existing requirements are understood (lessons of ICO Make Data Protection Simpler project) Work together to clarify and enforce Be proactive Make sure we have the right tools for the job
Conclusions The core of the existing law is still relevant and effective Some of the defining terms are struggling to keep pace Better tools are needed to deliver compliance
Any Questions? Information Commissioner Wycliffe House Water Lane Wilmslow SK9 5AF United Kingdom Switchboard. 01625 545 700 Helpline. 01625 545 745 Email. firstname.lastname@example.org@ico.gsi.gov.uk www.informationcommissioner.gov.uk
Your consent to our cookies if you continue to use this website.