Viviane Redding gives a glimpse of her road map for 2011 in the February (and inaugural) edition of International Data Privacy Law. You can access the article here. (The first edition is available online for free.) A few points to note:
1. Strengthening the rights of data subjects:
- Privacy policies are inadequate;
- Data subjects need to be informed who is collecting their data how it is being processed;
- Rights need to be exercised for free and without excessive constraints;
- There will be more detailed obligations for data controls on the type of information provided to data subjects and perhaps a mandated format;
- The right to be forgotten needs to be strengthened; and
- There may be a mandatory breach notification requirement.
2. There may be other additional requirements
- Data Protection Officers;
- Privacy by Design; and
- Privacy Impact Assessments.
3. Data transferred outside of the EU must be adequately protected
- “I intend to strengthen, and streamline the current procedures for international data transfers . . . .”
- More engagement on an international stage (Microsoft, Google, etc, look out)
4. More enforcement
I’ve been watching Viviane for a while and I think she is going to be tough. She understands technology is moving at the speed of light and she is determined (in my opinion) to make sure that the law and enforcement keep up. Look for strong reforms to the Data Protection Directive and strong enforcement once enacted by the member states. There focus on technology is real and she will not accept “that’s what the technology can do so there’s nothing we can do about it” from technology providers.