The NSA and GCHQ might still be listening at our digital wall with a glass to their ear, but it may get a lot harder for them in the future, at least on this side of the Atlantic. The European Parliament has now voted for a radical upheaval of privacy laws, giving civilians greater control over where data on them is held and how long it can be held for.
This vote is the first step to bringing about legislation that replaces data privacy laws in all EU states, making this one unified protective measure for all of Europe, including the UK. It will bring about four major reforms:
- A right to be forgotten – unless there is a reason for data retention, such as investigation for press or criminal reasons, data will be deleted when you no longer want it to exist. This is designed to empower individuals more than to regulate the organisations that collect the data.
- Easier access to data – better data portability will mean information can be shared between organisations, but only at your request. You will also have better access to that data and what it says about you.
- Putting you in control – no assumptions can be made about uses of your data. If permission is required, it must be given explicitly. Also, companies or groups that are affected by a data breach will be required by law to tell those affected.
- Data protection first, not an afterthought – for all data gathering schemes, privacy must be a main component of their design. Privacy-friendly settings should also be the default, not an opt-in scheme. Social networks are specifically cited as needing to implement this.
The best part about all these regulations is that they don’t just apply to businesses based in the EU, but to all that operate within it. That means US companies that want to abide by international law will have to give better protection to their customers, whether their national privacy-invading legislation – like FISA – agrees with it or not. If they do not comply with the rules, fines of up to two per cent of a company’s annual turnover can be levied.
To make sure these changes take place in all EU countries, a new body will be set up to monitor them. This supervisory group will oversee all privacy concerns in all countries.
The only caveat to the whole thing is that these measures aren’t law yet. First they have to go through a co-decision procedure, which, as Wired points out, can be extremely tricky.
KitGuru Says: Here’s hoping that does make it through the complicated council system, as getting this sort of protection would be a real step in the right direction. It would also be very interesting to see how the NSA would respond to thousands of calls from people wanting their data deleted, as it sounds like it may have to comply.