Privacy and Data Protection




Data Retention Law to be Revised
Europe, Middle East and Africa

The European Commission (EC) has announced that it has adopted the Evaluation report on the Data Retention Directive (Directive 2006/24/EC) (18 April 2011), finding that Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC (the data retention directive) should be reviewed “with a view to proposing an improved legal framework”.

The data retention directive was enacted to assist with security challenges like terrorism, and requires telecommunications companies to retain data to help law enforcement bodies. However, the report identified “serious shortcomings” with the data retention directive, and the EC states that a more proportionate approach should be taken, particularly to ensure that personal privacy is preserved. The report notes that though “there are no concrete examples of serious breaches of privacy, the risk of data security breaches will remain unless further safeguards are put in place. The [EC] will therefore consider more stringent regulation of storage, access to and use of the retained data”.
Further information from the EC
EC’s media release (18 April 2011)

Related news item:
ZDNet UK: Europe ready to overhaul data-retention law (18 April 2011)
(Source: EC; EUR-Lex; ZDNet UK)


EDPS Newsletter
Europe, Middle East and Africa

The European Data Protection Supervisor (EDPS) has released the latest edition of the EDPS Newsletter No. 28 (April 2011).
(Source: EDPS)


EDPS Supervisor Article Calls for More Effective Data Protection
Europe, Middle East and Africa

European Data Protection Supervisor (EDPS) Peter Hustinx has made available his article Towards more effective Data Protection in the Information Society (April 2011), which originally appeared in the Data Protection Authority of Madrid’s digital review datospersonales.org.
(Source: EDPS)


Ad Industry Launches Self-regulation Framework
Europe, Middle East and Africa

Advertising industry body IAB Europe has announced the launch of European Self-regulation for Online Behavioural Advertising: Transparency and Control for Consumers (undated), which includes a framework for online advertising companies to respect users’ privacy when using behavioural advertisements. Leading advertisers have already signed up to the framework, which sets out requirements for third-party advertisements such as improved user control and transparency. By June 2012, signatories have promised to display icons which signify to consumers that online behavioural advertisements are used, and also provide an option for turning off such advertisements. The new website, youronlinechoices, will also provide information and tools to help consumers manage their data protection preferences. 
IAB Europe’s media release (14 April 2011)

Related news item:
Computerworld: Europe moves to give consumers control of online ads (15 April 2011)
(Source: IAB; youronlinechoices; Computerworld


Asian Government’s Report on Personal Data Privacy Ordinance
Asia Pacific

The Constitutional and Mainland Affairs Bureau (CMAB) has released the Report on Further Public Discussions on Review of the Personal Data (Privacy) Ordinance (April 2011), which sets out “legislative proposals to strengthen personal data privacy protection”. The government intends to introduce an amending Bill into the Legislative Council in July 2011, providing specific requirements for direct marketing. Companies involved in direct marketing would be required to provide further information to data subjects on how personal data will be processed, as well as enhanced opt-out mechanisms. Noncompliance with the direct marketing provisions could incur penalties of a fine of HK$500,000 and imprisonment for three years.

The Bill is also expected to impose maximum penalties of HK$1,000,000 and imprisonment for five years for organisations which breach new prohibitions on unauthorised sales of personal data to third parties.
CMAB’s media release (18 April 2011)

Privacy Commissioner for Personal Data (PCPD) Allan Chiang broadly welcomed the government’s announcement, but expressed dismay that he would not be afforded enhanced enforcement powers.
PCPD’s media release (18 April 2011)
(Source: CMAB; PCPD)