Your personal data is safeguarded today not only by the solid framework of Europe’s Data Protection Directive
, but also by many others, including the e-Privacy Directive
, its amending directive. Additional safeguards for data transfers apply through e.g. European Model Clauses
and the Safe Harbour agreement
. But many provisions of these existing rules are not being enforced properly
. Some people feel that they lack protection or that the legislation is out of date.
In fact, the principles and requirements of the existing law are as valid today as they were in 1995. They continue to guarantee your fundamental rights
while the vast majority of organisations involved in data processing have adapted their roles and responsibilities to keep up, not only with technological developments, but also with your needs and expectations.
Just last year, the European Court of Justice established the “right to be forgotten
” on the basis of the existing law. The ruling insists on applying a case-by-case assessment
, judging that neither the right to the protection of personal data nor the right to freedom of expression are absolute: a fair balance needs to be found.
We believe the new legislation
proposed by the European Commission in 2012 must follow this balanced approach. Any new law should remain based on principles
rather than introducing overly detailed rules, which are unlikely to bear the test of time as practices and technologies evolve fast.
Instead of considering all processing of personal data an issue, the law should focus on protecting people from real risks to their privacy.
The principle-based, risk-based, and technology neutral approach has been regarded as a model internationally and we feel strongly that it should be preserved. This is the only way to provide meaningful safeguards for your personal data
that can be understood and enforced in any context, now and in the future.