EU data protection laws set for revamp

Jennifer Scott News
7 Dec, 2011

Cloud computing means 15 year old EU legislation doesn’t fit the bill anymore, claims Viviane Reding.

The EU is set to overhaul its data protections laws next month, as a senior official claims they aren’t prepared for today’s cloud environment or technologies of the future.

In a speech to the GSMA Mobilising the Cloud conference, Viviane Reding – Justice Commissioner for the EU – claimed cloud computing brought both businesses and consumers enormous potential for growth but aged legislation needed to be brought up to date.

“These technological advances in 2011 represent one of the biggest challenges to data protection and data security of our citizens,” she said.

“This is why we have to equip ourselves now and for the future. And this is why we have to adapt our current, European legislation on data protection, which is more than 15 years old, so that it meets these new challenges and any new situations.”

The Commissioner is working alongside Neelie Kroes, EU Commissioner for the Digital Agenda, to draft the laws but outlined her main areas of reform in the speech, starting with the need for citizens to have control of their data.

“Citizens must always be in a position to take informed decisions about how their personal data is used [and] internet companies must ensure transparency,” said Reding.

She called for “simple and understandable language” from companies to consumers and said authorities responsible for ensuring the laws are kept must be equipped with the right resources to make businesses abide by the rules.

Following on from this, Reding pushed for businesses to “take the security of personal data more seriously.” She said security features should be built into the products from the start, rather than added later, but more significantly, she said any breaches must be reported immediately.

Current UK law means only public sector organisations have to report any breaches to the Information Commissioner’s Office, whereas it is only optional for private firms.

Third on Reding’s agenda was the need to be able to move data between providers, with “no downside risk if someone wants to cancel an account, erase a profile or move all of their data to a competitor.”

“Such 'locking-in' not only stifles effective competition but, more importantly, deprives users of their effective right to freely chose and freely change the best privacy environments for their personal data,” she added.

The Commissioner was keen that her new laws would help create a “single online market for online services” within the EU, rather than the current fragmented rules different states have.

“We will make sure that we have one single set of instruments and rules for transfers of personal data to third countries, with no national extra conditions any more,” she said. “Unnecessary administrative cycles and obstacles will be eliminated.”

Reding believed the cloud could help even out the market landscape between large enterprise and small businesses, giving all a chance to compete for the custom of the 500 million people who live across Europe. As such, she said trust was a necessity for cloud technologies and providers, along with the law, must make the case for it.

The legislation is also set to give a more even playing field to those from outside of Europe, with Reding adding: “The reform will also put EU and non-EU service providers on an equal footing.”

The full legislation will be published next month, ahead of Kroes’ own European Cloud Computing Strategy, due out next year.

Sign up for our free newsletter