11/02/2011

By Nigel Miller, Commerce and Technology Partner, Fox Williams LLP

As marketing becomes ever more sophisticated, personal data - the data by which individuals can be identified- becomes increasingly valuable. The European Consumer Commissioner, Meglena Kuneva described personal data as “the new oil of the internet and the currency of the digital world”.

However, current legislation was not designed, and is ill-equipped, to handle the rapid technological developments taking place, such as the explosion of social networking sites, the use of targeted behavioural advertising and the use of more sophisticated flash cookies. This is a matter that the European Commission has recognised and has communicated its plans to reform the EU data protection rules.

With the increase in value of personal data it becomes increasingly important for companies to understand the rules governing data protection and privacy and to ensure they are effectively implemented. This is not simply a matter of complying with arcane laws. It is a necessity for building value, trust, reputation and goodwill.

In November 2010, the European Commission released a communication document setting out its comprehensive approach to [d]personal data protection in the EU[/b], including its plans for modernisation in light of rapid technological developments. In particular, the Commission noted the challenges and problems that have been caused by the use of social networking sites, geo-location services (like Google’s Latitude service) and cloud computing — which can involve the loss of an individual’s control of their potentially sensitive information.

The Commission plans to propose legislation in 2011 revising the legal framework for data protection. The Commission has acknowledged the need for a more unified, consistent approach to data protection regulation across member states. The current necessity of complying with multiple national regimes has caused significant costs to multi-national companies.

The Commission set out five key objectives, which will be issues to watch in 2011.


o Strengthening individuals’ rights - the Commission highlighted the need for transparency in processing and areas where additional measures may be required to deal with developing technology for example, location data and ‘data mining’ technologies. It will consider whether it is necessary to strengthen existing sanctions.

o Enhancing the internal market dimension — The Commission will examine means to achieve further harmonisation of data protection rules at EU level through the revision and clarification of existing laws to provide the same degree of protection, irrespective of geographic location.

o Revising the data protection rules in the area of police and judicial cooperation in criminal matters — the Commission will consider the extension of the application of general data protection rules to the areas of police and judicial cooperation in criminal matters (including for processing at a domestic level) and for harmonised limitation to certain data protection rights of individuals.

o The global dimension of data protection — the Commission plans to improve and streamline the current procedures for international data transfers to ensure a more uniform EU approach to transfers to third countries and clarify the Commission’s adequacy procedures.

o A stronger institutional arrangement for better enforcement of data protection rules — The Commission will examine how to strengthen, clarify and harmonise the powers of the national data protection authorities. It will also consider how to ensure a more consistent application of EU data protection rules across the internal market.

This article was written by Nigel Miller, Commerce & Technology partner at Fox Williams LLP. Nigel can be contacted for more information at nmiller@foxwilliams.com