From the European Commission:
In the age of the internet and globalisation, it’s getting harder to keep your personal details private. Shopping online or sharing photos and personal information on social networking sites such as Facebook have become part of daily life.
While the EU’s existing rules on protecting personal information are among the strongest in the world, they need to be updated to reflect changes in technology and the way we live. A new data protection strategy aims to ensure people are aware of what happens to the information they share with companies, public authorities and social networking sites.
Holders of personal information, such as internet service providers or search engines, would have to reveal who is collecting data and for what purpose.
The strategy will introduce the concept of the “right to be forgotten” – to ask for your data to be completely removed once it has served its original purpose.
Currently, only telecommunications companies must inform consumers if their personal details are unlawfully accessed. The strategy would extend that requirement to other sectors, such as the financial industry.
Companies would only be able to send personal information outside the EU if the recipient was in a country offering a similar level of data protection.
Personal information held by the police and criminal justice authorities would also be protected. National data protection regulators would be strengthened and encouraged to work together more closely to prevent abuses.
The strategy also aims to cement a common approach across the EU. Because countries do not apply current rules consistently, it’s not clear what laws apply in what circumstances. That can be an obstacle to doing business when it holds up the legitimate flow of information. Under the revised law, multinational companies would only have to deal with one set of rules.
You have until 15 January to share your thoughts on the strategy. Comments will feed into the proposed legislation, due out in 2011.
Document (pdf): Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions: A comprehensive approach on personal data protection in the European Union