-- --


European Union Justice Commissioner Viviane Reding says she will introduce stringent privacy rules to protect users of Internet social networking sites.

The Sharing of Personal Data

The European Commission Wednesday rolled out some of its proposed privacy rights for citizens sharing personal data on the Internet, saying there should be a strict “right to be forgotten”. European Union justice chief Viviane Reding, said that sites like Google and Facebook must abide by data privacy rules or else they will face court action. Reding’s speech outlined the new stipulations for personal data storage. The new rules target the lifespan of personal data held by companies. As a “right to be forgotten” users would have to have the ability to delete their accounts (and data footprints) through such popular sites. The announcementvcomes about a year after the EU warned Facebook that privacy settings should be simplified, which prompted the company into making them easier to understand.
She went on to state, “To enforce the EU law, national privacy watchdogs shall be endowed with powers to investigate and engage in legal proceedings against non-EU data controllers whose services target EU consumers.” This would mean that national privacy bodies that deal with data issues would get powers to examine and potentially prosecute companies with services aimed at EU consumers.
The issue has always been who has the responsibility, or in legal terms, the burden of proof, to prove who is the owner of the data, or at least, who has the right to use this data as they see fit; the consumer or the data processor. Commissioner Reding targeted this issue by stating that “the burden of proof should be on data controllers, those who process your personal data. They must prove that they need to keep the data, rather than individuals having to prove that collecting their data is not necessary.”

What is the “right to be forgotten?”

This would mean users who post videos (to YouTube), photos (to Picasa), articles, status updates on Facebook, and any content would have to be given the option to remove all properties or digital assets.
This is a hot issue on the web now and it is not always as simple as placing a removal request or clicking on a delete button. Google’s Privacy Counsel says that “more and more, privacy is being used to justify censorship. In a sense, privacy depends on keeping some things private, in other words, hidden, restricted, or deleted. In a world where evermore content is coming online, and where evermore content is find-able and share-able, it’s also natural that the privacy counter-movement is
gathering strength. Privacy is the new black in censorship fashions. It used to be that people would invoke libel or defamation to justify censorship about things that hurt their reputations. But invoking libel or defamation requires that the speech not be true. Privacy is far more elastic, because privacy claims can be made on speech that is true.” However, it seems like the EU disagrees with his outlook on what data privacy and protection really mean; a right to be protected and not to be taken lightly.

Although the right to be forgotten right was the most talked about announcement, the data privacyoutline was more elaborate. She explained that EU law would be based on four central principles:

  1. Citizens had to have a “right to be forgotten”, to opt out of data collection and for those companies collecting it to prove a need to store the information.
  2. Companies will have to be transparent on what data they are collecting and with whom it is shared. Surveys had showed that this issue was of particular importance for young people on social networking sites, and so, this addressed those concerns.
  3. The third pillar is ‘privacy by default’. Privacy settings often require considerable operational effort in order to be put in place,” she said. “Such settings are not a reliable indication of consumers’ consent. This needs to be changed.”
  4. These laws must protect all EU citizens no matter where they are in the world. For example, these laws would bind third-party telecommunications companies whenever they processed data from a EU account.

On a more general note about data held by public authorities, Reding said, “the Commission can now consider extending the general data protection rules to the areas of police and judicial cooperation in criminal matters. Limitations to rights in this area would need to comply with the

general rules, and be clearly defined and proportionate”. It is believed that there is need to have  greater harmonization of enforcement of data-protection rules within the EU. That includes a “more coordinated approach at EU level” to privacy concerns about online mapping services. The EU has previously raised concerns about Google’s online Street View map service.
The commission is expected to finalize its proposal in the summer. However, any new rules are likely to be some way off. They would need to be approved by the European Parliament and Member States by the European Council. Nevertheless, the EU Commission has gotten the ball rolling on this issue.

Case Law