Tuesday, July 08, 2008

Revisiting the DPA 1998

This has been widely reported:

Addressing the annual conference on Privacy Laws and Business in Cambridge, UK's Information Commissioner, Richard Thomas, has emphasised the need to bringing out necessary changes in European Data Protection Laws.

The Information Commissioner has stated that the existing laws are outdated and excessively bureaucratic, and these laws aren't in line with the modern internet age.

The Information Commissioner's Office (ICO) has commissioned RAND Europe, a research group, to assessing the current laws, and to come up with the key areas of improvement in existing structure.

Thomas also added that the research will help in designing more straightforward and effective laws, without putting extra burden on enterprises.

A representative from RAND has mentioned that the assessment process will involve small interviews and workshops, with a significant participation of small organizations. The group is expected to publish its report in April 2009.

However, Thomas admitted that the reform process would be slow, and the proposed changes may not be applicable till five years down the line, but the start can't be delayed any further.

Whilst these developments are being considered, there are several issues that will need to be revisited not least:

1) Scope of "Personal data" as laid down under the European Data Protection Directive 95/46/EC

2) Distinction drawn between sensitive and non-sensitive data as applied online under Art. 8.1 of the Directive.

3) Onset of social networking (user-generated content)

4) The ease with which information can be easily transferred (Art. 25 of the Data Protection Directive 95/46/EC) will need to be revisited.

5) Scope of the exemptions laid down under Art. 9 of the Data Protection Directive 95/46/EC - processing of personal data for the purposes of artistic, literary and journalistic purposes.

On a separate note, however, identity principles ("identity commons") has been discussed to a greater extent:

"Id Commons is defined in Wiki-Commons as:

The following Purpose and Principles are the "core DNA" of Identity Commons as an organization. We use this term since all Identity Commons working groups agree to inherit these, i.e., each one is accomplishing a specialization of this Purpose, and each one is operating in accordance with a specialization of these Principles. See Background and see our old Wiki for more about how we got here. Feel free to leave comments or make suggestions as to how this statement of Purpose and these Principles can be further improved.

The purpose of Identity Commons is to support, facilitate, and promote the creation of an open identity layer for the Internet, one that maximizes control, convenience, and privacy for the individual while encouraging the development of healthy, interoperable communities."

This could work alongside the current EU legal framework, but remains to be seen how effective this would be.

No comments: