Several initiatives in the area of data protection are currently being discussed in the European Parliament. The EIF Dinner Debate on 'Data Protection' confirmed an urgent need for a common approach in this area and an international dimension to adequately respond to the legitimate concerns of citizens, businesses and administrations.
The world is shifting from a technology centric approach to an information centric approach. With more information out there in the cloud, on external data farms, there is also a greater need to protect that information and the individuals linked to it. Data protection is a matter of digital security but the opposite is also true, as Guido Sanchidrian from Symantec said: security and privacy build on each other. There cannot be sustainable security without building privacy and data protection into the technology.
Data protection is often mentioned as something technical but data protection and privacy are everywhere: in personal, private and business life. The recent Lisbon Treaty reiterated the right of privacy and it has given the European Parliament a more important role in this matter. With current initiatives on the table, the rethinking that is currently happening should have an emphasis on making existing principles work better and focus on the implementation. This is not the time to completely reinvent data protection, as Peter Hustinx from European Data Protection Supervisor said.
This also means we need to look at more intelligent ways to building privacy into services. We should strengthen the data subject, the person who is protected, and analyze his or her rights in a practical setting. The majority of these rights are not new (except for instance the right to be forgotten and data portability).
Another element in the discussion should be the (lack of) po wer and fragmentation of control authorities. These authorities are often weak or at least do not have the same powers in each member state. Rethinking data protection means getting it right from the very beginning. That means using the right kind of technology and ensure that privacy is built into the technology. There is an unhelpful legacy problem because the existing 1995 directive has led to national diversity. This blocks effectiveness and creates high costs. When the European Commission harmonizes this area again, it should provide a high level of uniformity without complexity (i.e. reduce administrative burdens).
Last but not least, one should not forget the importance of the underlying systems. As highlighted by John Crain from ICANN, the web was developed decades ago. Laws and protocols have to work across the network and this should be taken into account in the discussion as we are only at the beginning of the information revolution.