Europe's most senior data protection official has called for
clarification of existing European Union rules on data protection,
amid concerns that corporations are abusing the right of people to
see data about them.
European data protection ombudsman Jacob Soderman has written to
European Commission president Romano Prodi, expressing fears that
data protection rules are being misinterpreted.
"This misinterpretation risks subverting the principle of openness
and the public's right of access to documents, both at the level of
the Union and in the Member States," Soderman said.
In his letter the ombudsman proposed changes to existing data
protection directives that date back to 1995. The letter to Prodi
and the paper,
The misuse of data protection rules in the
European Union can be found on the ombudsman's Web site at:
www.euro-ombudsman.eu.int/letters/en/default.htm
Soderman's initiative comes after a two-day conference on data
protection in the EU, held in Brussels. His call for action was
backed up by a survey of more than 9,000 EU citizens, who said they
feel the level of data protection for individuals in the EU is
inadequate.
Most respondents in the survey said they fear their data could be
misused while they used the Internet, in particular when conducting
online financial transactions.
The conference also brought to light concerns of large businesses,
which, along with some EU member states, are calling for the EU
data protection directives to be revised in order to simplify the
routine process of data transfers.
In particular, the EU rules have put Europe at odds with the United
States because the rules forbid data transfers to any country
beyond the EU that has inferior data protection policies.
This obstacle has caused legal problems for US firms, including
Microsoft, that wish to send data across the Atlantic.
Microsoft was forced to pay a small fine to Spanish data protection
authorities two years ago for not obeying the letter of the law
when sending details about its employees in Spain to and from its
headquarters in the US.
In response to some of these concerns the EU devised the so-called
"safe harbour" code. If a company signs up to follow the code, as
some including Microsoft have done, then they can freely transfer
data. Signing up involves making a promise not to use the data in
any way that would not be acceptable within the EU.
"By imposing duplicative, burdensome and costly requirements
particularly on global companies, [the EU laws] interfere with
companies' ability to run their businesses effectively and
efficiently," the Global Privacy Alliance said at the
conference.
The Global Privacy Alliance represents companies including
Citigroup Fidelity Investments, General Motors, IBM and
Oracle.
"At the same time, it is unclear if this approach provides any
added privacy protection," the alliance said.
Data transfer appears to be difficult even within the 15-nation
European Union as the different countries haven't implemented the
various data protection laws harmoniously.
The UK, Finland, Sweden and Austria have requested changes to the
data protection regime with the aim of cutting red tape and
facilitating cross-border data transfers.
"The rules must give effective protection to individuals' personal
data without unnecessarily restricting the processing needed to
deliver the services which our increasingly technologically
sophisticated society demands," the four countries said in a recent
joint proposal made to the European Commission.