Privacy Platform Meeting

This article is also available in:
Deutsch: [Privacy Platform Meeting | http://www.unwatched.org/node/2443]

On 1 December 2010, the Privacy Platform held a meeting on the Commission’s
recent Communication on updating the Data Protection Directive. Hosted by
Sophie in’t Veld MEP, the panel consisted of: Martin Selmayr, Head of
Commissioner Reding’s cabinet (who spoke in her absence as the Commissioner
was ill), Jacob Kohnstamm, Chairman of the Article 29 WP, and Peter Hustinx,
the European Data Protection Supervisor.

The meeting was well attended and overall, it followed standard storyline.
In regard to the Communication and future steps for the revised Data
Protection Directive, Mr. Kohnstamm urged that more ambition was needed, and
listed five general principles that should be kept in mind. First that class
action is a necessity, the patchwork of data protection rules should be a
thing of the past (particularly in the post-Lisbon EU), the duty of
controllers should be strengthened, privacy by design should be addressed
more thoroughly and that there should be better enforcement powers for data
protection authorities (DPA).

Peter Hustinx, echoing many statements in support of the Article 29 WP
Chairman, emphasized the need to take a bold approach, particularly in terms
of enforcement, accountability, harmonisation and including privacy by
design into the beginning of the development process rather than tackling it
at the end. This approach is outlined in more detail in his recently
published policy paper which outlines a more robust approach to data
protection.

The issue of real consent was discussed throughout the meeting, where Marc
Rotenberg from the Electronic Privacy Information Center (EPIC), commented
that “consent” is often anti-privacy, as its terms are dictated by the firm
in question. Mr. Hustinx agreed, saying that transparency does not equal
consent. Sophie in’t Veld made the point that consent implies choice, but in
reality, “choice” does not really exist.

In regard to public authorities taking more responsibility and
accountability, Ms. In’t Veld pointed to the irony that they are usually the
greatest violators of privacy, illustrating another dilemma with regards to
attaining adequate data protection in the information society.

There was discussion of sanctions and better enforcement measures for the
Data Protection Directive and for DPAs. Mr. Kohnstamm agreed that more
sanctions are needed, but that the measures also need to expand power and
scope in order to logistically take on the added load (adding that currently
there are only 80 employees in his DPA).

The public consultation on the Communication is open until 15 January 2011.
The Commission plans to release the final review of the Data Protection
Directive sometime “around” the summer of 2011.

Videoclips from the Privacy Platform meeting:
Sophie In’t Veld

Peter Hustinx, EDPS

Commission Communication on “a comprehensive strategy on data protection in
the European Union”
http://www.statewatch.org/news/2010/oct/eu-com-draft-communication-data-protection.pdf

EDPS Policy Paper on Monitoring and Ensuring Compliance with Regulation (EC)
45/2001 (13.12.2010)
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/EDPS/Publications/Papers/PolicyP/10-12-13_PP_Compliance_EN.pdf

(contribution by Raegan MacDonald – EDRi)