The European Commission [official website] on Thursday released a 20-page document [text, PDF] outlining recommendations for stronger Internet privacy laws. The recommendations come after a review of its 15 year-old privacy laws [WP report]. The document addresses issues including "improving the coherence of the data protection legal framework," "enhancing control over one's own data" and "ensuring informed and free consent." If followed, the proposed measures could make it easier for people to delete information about themselves on the Internet and increase enforcement for websites that breach their users' privacy. The writers also argued for why the new measures are necessary:
Like technology, the way our personal data is used and shared in our society is changing all the time. The challenge this poses to legislators is to establish a legislative framework that will stand the test of time. At the end of the reform process, Europe's data protection rules should continue to guarantee a high level of protection and provide legal certainty to individuals, public administrations and businesses in the internal market alike for several generations. No matter how complex the situation or how sophisticated the technology, clarity must exist on the applicable rules and standards that national authorities have to enforce and that businesses and technology developers must comply with. Individuals should also have clarity about the rights they enjoy.Next year, the Commission will propose legislation aimed at revising the legal framework for data protection, the report says.
In September, the Commission announced that it would refer the UK to the European Court of Justice for not fully complying with EU regulations [JURIST report] that protect the privacy of electronic communications. The EU has found UK law in breach of the ePrivacy Directive 2002/58/EC and the Data Protection Directive 95/46/EC [texts], regulations regarding consent to interception and the role of enforcement and supervisory committees. Specifically, current UK law does not provide for an independent national authority to supervise the interception of some communications, it allows for communications to be received without fulfilling the EU definition of consent and it does not have a mechanism that ensures sanctions for unlawful unintentional interception, as required by EU law. The EC formally notified [JURIST report] the UK in April 2009 that it was starting infringement proceedings for failure to follow EU Internet privacy and data protection rules.