The European Commission unveiled its strategy Thursday to strengthen existing data-protection rules while reducing red tape and guaranteeing the free circulation of data. Among other things, the executive body of the European Union said it intends to ensure that the collection and use of personal data is limited to the minimum amount necessary.
In today’s online environment, data-protection policies are often unclear, nontransparent and not always fully compliant with existing rules, the EC noted. So individuals need to be clearly informed about who is gathering data about them and why, as well as how that information will be used and for how long.
“Controlling your information, having access to your data, being able to modify or delete it — these are essential rights that must be guaranteed in today’s digital world,” said EU Justice Commissioner Viviane Reding.
Mandatory Data-Breach Notifications
One key legislative goal is to clearly spell out the responsibilities that data controllers have when it comes to ensuring effective data protection. Among other things, the commission believes individuals ought to be informed when their data has been unlawfully accessed, altered or destroyed.
For this reason, the financial industry — as well as the providers of information services — may be required by law to issue personal data-breach notifications. Data-protection rules also may be revised in the area of police and criminal justice to ensure that the personal data of individuals retained for law-enforcement purposes becomes protected under the new legislation.
The EC is also looking to ensure transparency by requiring website operators and their service partners to inform online visitors in clear, plain language about how their Internet use is being monitored for behavioral advertising. Also on tap is an informed-consent policy that would enable individuals to have personal data deleted as well as establish the individual’s “right to be…