EU recommendations could spell good news for data sharing in the channel as a call is made to protect the free flow of information across geographical boundaries, and may provide opportunities to help businesses with fresh rules regarding personal information.
The Council of Europe has called upon its 47 member states to ensure that any blocking of content complies with human rights standards and does not interfere with international Internet traffic.
The Committee of Ministers has adopted a a set of principles for the free trans boundary flow of information on the Internet, and has called on members to ensure that they are reflected in regulatory frameworks and in practice.
The move means that individual countries should ensure that any interference with Internet traffic within their territory should be carefully assessed in advance so as not to result in disproportionate impact beyond their borders, and it encourages international dialogue to share norms regarding international policy around jurisdiction.
The principles underline the protection of the right to privacy, the right to freedom of expression and the right to assembly and association in compliance with Articles 8, 10 and 11 of the European Convention on Human Rights.
The recommendation also asks for encouragement and facilitation on development of self-regulatory codes of conduct so Internet stakeholders respect human rights, and to promote co-operation among them to develop and implement technical best practices.
In relation to services that store or process information using the cloud the recommendation underlines that states should safeguard the right to privacy and personal data protection.
With further guidance on personal data the council has also issued a further recommendation, which applies both to the public and private sectors, advising that employers should avoid unjustifiable and unreasonable interference with employees´ right to private life in the workplace, this being applicable to all information technology devices.
It contains a number of safeguards to ensure that employees´ personal data is adequately protected, and provides guidance on how employers should collect, store and communicate personal data externally, for example to public bodies.
Employees should have access to the personal data employers hold on them, and to information about their origin and the purpose of their processing. This includes evaluation data related to assessments of performance, productivity or capability. They should also be entitled to have data rectified or erased if they are inaccurate or have been processed contrary to the law.
Specific recommendations include that monitoring of employees internet access should be taken by preventative measures such as filters, access to professional communications must only occur for security or legitimate reasons and private communications at work should never be monitored.
Recommenations also place strict conditions on the use of information systems, including video surveillance, for monitoring employees´ activity and behavior, and collection of biometric or genetic data and any health data processed by the employer must be directly related to the ability of an employee to carry out his or her duties, and be necessary to prevent risks to others or to the person concerned.