Data protection authorities (DPAs) are expected to agree a
common legal framework for global data protection laws in
November.
The framework, which will require changes to national laws, will
provide individuals with a greater degree of protection, both
for personal and attributable information worldwide, according to
Peter Hustinx, the European data protection supervisor.
Speaking at the European
Network and Information Security summer school, Hustinx said
the text of the framework is stable and DPAs have voiced support
for the measure, which will be put to their global conference in
Madrid in November.
The new measures will take into account technology advances such
as cloud computing and offshoring.
Companies which collect and use personal data will have to
ensure that personal information has the same level of protection
wherever it is processed or stored as it would in the data
collector's home nation.
Hustinx said he expects this protocol to become a global
practice in the light of cloud computing and off-shoring.
He also expects the law to have a ripple effect in boardrooms as
no one would be able to offset their responsibilities to third
parties. "If you collect the data you are responsible for it, no
matter who processes or stores it."
Hustinx said it was also likely that the protocol would be
adopted by the United Nations and Organisation for Economic
Cooperation and Development, among others, making it globally
enforceable.
This would require some changes to laws that govern trans-border
data flows. This would be simplified and clarified, he said.
There is a push to improve protection for individuals' privacy
and this is likely to gain momentum since Irish passed the Lisbon
treaty, Hustinx said.
There is now competition between various European commissioners
to be the lead on privacy. A new commissioner for privacy and human
rights might emerge as a result, he said.