Data Protection – New EU regulation makes progress towards stricter rules

Insights - 01/07/2015

There has been movement towards stricter data protection rules and an opinion regarding the use of drones for the collection of personal data.  Brief highlights are as follows:

Progress update: EU General Data Protection Regulation
The Justice and Home Affairs Council have adopted a general approach (informal agreement within the Council) on the proposal for a new EU Data Protection Regulation. The idea of a general approach is that this speeds up the process, perhaps even facilitating an agreement on first reading. The best estimate for adoption of the legislation is some time in 2015.

The main elements of the general approach are:
• An enhanced level of data protection.
• Increased business opportunities in the Digital Single Market.
• More and better tools to enforce compliance with the data protection rules.
• Guarantees regarding transfers of personal data outside the EU.

Article 29 Working Party publishes opinion on draft Data Protection Regulation
The Working Party has emphasized its view that the new regulatory framework should not lower the level of protection currently provided by the Data Protection Directive. The opinion is designed to inform the meetings about the Regulation between the Council, the European Parliament and the European Commission. In particular, the Working Party:

• Warns against broadening the exemptions for processing activities of public and private authorities for the purpose of safeguarding public security.
• Emphasises the need to define “personal data” in line with technological evolution.
• Cautions against watering down the prohibition on further uses of existing data for purposes incompatible with those purposes for which data was originally obtained.
• Reiterates the need for effective governance and a harmonised enforcement approach across the EU.

Article 29 Working Party highlights the threats and risks of drones
The Working Party has published an Opinion relating to the use of drones. Due to their dexterity and unique vantage point, processing of personal data by drones is particularly intrusive and not as transparent to the individuals being viewed. The use of drones falls under the Data Protection Directive and, as providers of public electronic communications services might use drones, the Privacy and Electronic Communications Directive.

The opinion provides a guideline for policy makers, manufacturers and operators to correctly address data protection requirements. These include verifying the need for a specific authorisation from Civil Aviation Authorities, finding the most suitable criteria for legitimate processing, complying with the purpose limitation, data minimisation and proportionality principles (e.g. by using suitable technology) and fulfilling, in the most appropriate manner, the transparency principle (by informing individuals of the processing).

The Opinion recommends adopting suitable security measures and deleting or anonymising personal data which is not strictly necessary.

If you would like to discuss your data protection and privacy policies and procedures or for further information, contact our commercial team on 01737 854 500 or find out more here

Disclaimer:

Although correct at the time of publication, the contents of this newsletter/blog are intended for general information purposes only and shall not be deemed to be, or constitute, legal advice. We cannot accept responsibility for any loss as a result of acts or omissions taken in respect of this article. Please contact us for the latest legal position.