EUROPE: EU Commissioner Reding introduces her Eight Principles of Data Protection

more+
less-

On Data Protection Day, EU Commissioner Viviane Reding introduced the so-called “Data Protection Compact”, her 8 principles of Data Protection that should govern the way personal data is processed by the public and the private sector.

Principle 1: Europe must establish a robust Data Protection legal framework that can be the gold standard for the world. Otherwise others will move first and impose their standards on Europe.

Principle 2: The Data Protection legal framework should not distinguish between the private and the public sector. Citizens would simply not understand a split in times when the public sector collects, collates and sometimes even wants to sell private data.

Principle 3: Drafting data protection rules require public debate because they relate to civil liberties online. Data protection should be the subject of a public information campaign leading to joint discussions between citizens, civil liberties groups, companies and governments.

Principle 4: Blanket surveillance of electronic communications data is not acceptable. Data collection for surveillance purposes should be targeted and be limited to what is proportionate to the objectives that have been set.

Principle 5: Laws need to be clear and laws need to be kept up to date. It cannot be that States rely on outdated rules, drafted in a different technological age, to frame modern surveillance programmes. Such laws give citizens little or no idea about what is actually going on.

Principle 6: National security should be invoked sparingly. It should be the exception, rather than the rule. The need to protect national security can justify special rules. But not everything that relates to foreign relations is a matter of national security. It undermines the legitimacy of laws that are vital for our security.

Principle 7: Judicial oversight is necessary to ensure that the pendulum does not swing too far. Executive oversight is good. Parliamentary oversight is necessary. Judicial oversight is key.

Principle 8: Data Protection rules should apply irrespective of the nationality of the person concerned. Applying different standards to nationals and non-nationals makes no sense in view of the open nature of the internet.