On January 25, 2012, the European Commission proposed a draft regulation “On the protection of [personal] data”: the General Data Protection Regulation (PDF). The document is intended to replace the current 1995 Data Protection Directive. It is a landmark document with far-reaching consequences that directly affects the interests of a huge number of network users.
Initially, I planned to state the most important aspects of the expected changes as concisely as possible, but later I found out that not only on Habr, but even in the Russian-speaking segment of the network as a whole, there are practically no materials on most of the issues covered in the document. Moreover, it seemed to me that the majority of Russian-speaking readers hardly imagine what this is about, who the actors are, what the status of the document is, why and how it appeared, and what its further fate will be. Therefore, I added several sections that serve as a kind of “introduction to the history of the question” and are designed to explain many points that are still very likely out of sight of the Russian-speaking audience, and I also tried to tell a little more about the document itself.
As a result, the article turned out to be quite lengthy, but, I think, more interesting. I wanted to give not a dry digest of facts, but to show the process itself, to explain a little how the legislative mechanisms of modern Europe work, to identify some trends, and to give the necessary minimum of knowledge for reflection, comparison and reasonable conclusions.
What's happening?
Those who are not familiar with the structure of the European institutions and their document flow may not fully understand the status of the document under discussion, or the processes taking place in the depths of the European bureaucratic apparatus. This is important both for understanding some parts of this text and simply for establishing the scope of the discussion: has everything already been decided? Is it time for strong emotions or not?
The European Commission is the highest executive body of the EU and has a practically exclusive right of legislative initiative. Legislation proposed by the Commission is submitted for consideration to the European Council and Parliament, and after its approval and entry into force, the Commission monitors its implementation.
A Directive is an EU legislative act that, in general, obliges all (or individual) member states to take measures to achieve the objectives it describes within an established time, leaving the means and mechanisms used to the discretion of national authorities. Regulations are instruments of direct effect: they do not require member states to adopt additional legislative acts and, as a rule, are binding on all EU member states.
Thus, the proposed reform will replace the current 1995 Directive 95/46/EC [2] and lead to the unification of European legislation in the field of personal data protection and processing. If the document is adopted, it will acquire the status of law and will be binding throughout the entire territory of the EU. If there are no surprises, the document in its current form or with some changes will take effect around mid-2014.
Who came up with it?
The European Commission consists of 27 Commissioners (ministers) representing the interests of the European Union. Each Commissioner is responsible for a certain area of activity and manages the work of the relevant administrative services that form his or her office. Draft EU legislation is created under the leadership of the Commissioners and their offices. This is a rather lengthy and time-consuming process that involves various conferences, consultations with national experts and the European Commission's own experts, public opinion polls, analysis of existing legislation and law enforcement practice, etc.
Since 2010, the European Commission has had the post of Commissioner for Justice, Fundamental Rights and Citizenship. It can be said that this Commissioner is the EU’s highest official in charge of and responsible for human rights in the EU. Since its introduction, the post has been held by Viviane Reding. It is Ms. Reding who is the author of the proposed reform.
Who is Mrs. Reding?
Ms. Viviane Reding is a famous European politician. Born in 1951 in Luxembourg, she received a doctorate in humanities from the Sorbonne, headed the Luxembourg Union of Journalists, was a member of the Luxembourg Parliament and then, from 1989, for ten years a member of the European Parliament. Since 1999 she has been working in the European Commission. She has held the positions of Commissioner for Education, Culture, Youth, Media and Sport, and Commissioner for the Information Society and Media. As mentioned above, since 2010 Viviane Reding has been the Commissioner for Justice, Fundamental Rights and Citizenship.
Although Ms. Reding's name may be unfamiliar, I'm sure most of you have heard of some of the positive changes in the European legal field that have occurred with her participation. Moreover, many of Ms. Reding's initiatives and projects directly concern and affect you, specialists working in the IT sphere.
It was Ms. Reding who initiated and inspired the acclaimed Resolution No 717/2007, which reduced roaming prices by 70% within the EU. With the participation of Ms. Reding, the top-level domain .eu was launched, ICANN was removed from the control of the US Department of Commerce and became more open to control by the global community, a pan-European strategy for developing broadband Internet access was adopted, significant funds were invested in LTE development, and the necessary frequencies for 4th generation wireless services were released. It was in Ms. Reding’s voice that a united Europe recalled that fundamental rights such as the presumption of innocence and the right to privacy, expressed in the European Convention for the Protection of Human Rights and Fundamental Freedoms, remain relevant to Europe to this day, in the Internet era.
This is just a short and far from complete list of what Ms. Reding has done to develop modern technologies and protect the rights of citizens of a united Europe (and not only them). If you are hearing about Ms. Reding for the first time and are not familiar with the results of her work as European Commissioner, take some time to learn more about this wonderful woman.
Let's look at some individual episodes happening around us. Without claiming to be complete, which is quite unnecessary here, we will simply look at a number of episodes that are connected in one way or another with media corporations and that have caused a violent and ambiguous reaction.
Google drastically changes its privacy policies in a controversial way, is caught manipulating cookies in Safari and later in IE, and illegally collects data on Wi-Fi access points. Zuckerberg once again makes messianic statements about building a “new, more open world” and changing the pattern of interaction between citizens and governments. Facebook abandons its privacy policy and introduces a “Data use” policy, under which your friends' applications will have access to your personal information; Facebook's relationship with cookies also turns out to be very non-trivial. Amazon finds itself in a “silk scandal”, claims are being filed against Google and Apple over illegal gathering of information on their devices, and credit card data, personal correspondence and user databases from dozens of popular sites are leaking… The Internet has gone crazy. Corporations seem to increasingly ignore the interests of individual users. The network is replete with articles about what is happening; disputes and heated discussions do not subside. Some are for, some are against, some defend the media corporations, some become paranoid, and some do not care at all.
Against this wonderfully motley background, on January 25, 2012, Ms. Viviane Reding delivers a press statement about the new bill: “Ladies and Gentlemen, we did it! Today, the European Commission adopted a resolution on extensive and comprehensive reform of data protection legislation.”
Her words are strikingly different from the self-assured rhetoric of the media corporations and draw a line under all the heated debates about “rights and obligations”, various “open societies” and the legality or illegality of certain actions.
If you speak English, take half an hour and watch the entire press conference. For those who do not have that much time or who find it difficult to follow spoken English, I have made an excerpt of the most important points:
Ladies and Gentlemen, we did it! Today, the European Commission adopted a resolution on extensive and comprehensive reform of data protection legislation. With this reform, the European Commission will create a single digital market that is accessible and understandable for both companies and buyers. The reform will allow Europe to become more competitive and will make us the legislator of international standards in the field of modern data protection.
In today's world, personal information has become the currency of the single digital market, and like any currency, it must be stable and trustworthy. Only if the consumer is confident that his personal data is securely protected, will he trust companies and government agencies and use the Internet services they offer.
Why is there a need for law reform in this area? First of all, because the current rules and laws were adopted in 1995, one might say, even before the advent of the Internet. Today, the Internet, cloud technologies, mobile devices allow us to access data in any place and at any time. New technologies have changed our life, creating a new world of tremendous opportunities, and this world should remain the world of innovation.
But, of course, with new technologies, new dangers have appeared, primarily due to the loss of control over personal data. People are worried: according to our data, 72% of EU citizens are concerned about the possibility of abuses associated with the use of their personal data. They are concerned that companies may transfer personal data to other companies without permission. It prevents people from feeling free, it makes it difficult to give information about themselves and to purchase goods and services online.
In addition, we know that many users, especially children and adolescents, do not realize and do not understand existing security policies [sites] when they create a profile in one of the social networks and do not realize that their search history can be used by third parties.
These are, in general terms, the concerns of individual users. However, companies also have reason to complain. Companies face a huge number of different, sometimes even contradictory requirements in the field of personal data protection, which is due to differences in national laws and to differences in the law enforcement practice of national government bodies. This leads to “legal uncertainty” for companies, creates significant barriers to doing business, especially for small companies and start-ups, requires tangible additional costs and prevents the European digital market from fully realizing its potential.
What are we doing to solve these problems? Our reform will eliminate unnecessary administrative procedures and reduce the cost of documentation. A single document will be adopted that will make it possible to conduct business in the single internal market of the European Union. Uniform standards will be adopted for the 27 member countries and 500 million people, uniform and clear rules will be set for the transfer of data within transnational corporations, and a unified control structure will be created that will allow companies to save about 3.2 billion euros annually.
At the same time, the reform guarantees a higher level of security for end users. The reform will protect the personal data of users and ensure that they receive complete and correct information about what is happening with their data. We proceed from the fact that “personal data belong to the individual” and offer a number of rules:
1. Transparency - security policies should be clear and written in clear and simple language. Citizens should know how their personal information is processed.
2. Consent - the explicit and direct consent of the user must be obtained for the use of personal data.
3. Portability and mobility - personal data belong to the user and he should be able to take his data from one service provider and transfer it to another.
4. Companies and organizations will be obliged within 24 hours to notify users of any problems related to the security of their personal data. Also, supervisory authorities should be informed.
5. And finally, the “Right to be forgotten.” It is connected with the statement that personal data belong to the individual. If the user wants to stop using a service and take their data back, they should have the opportunity to do so. Users will have the opportunity to erase the data previously provided to the service.
To implement these changes, an independent supervisory organization must be created. It must be independent from political and business structures, well equipped technically, able to offer possible solutions to emerging problem situations, and have the right to impose sanctions.
Ladies and Gentlemen, I have outlined the general boundaries of a strict and consistent system that will be introduced and applied in the territory of all European Union member countries in the next decades. This is a critical legislative document for the development and security of the European Union.
What's left out
Much remains behind the scenes. The most interesting topics are the impact of the reform on business, the individual requirements for small companies, the differences between the EU approach and the legislation adopted in the US, the reaction of other countries, in particular the USA, the reaction of corporations and the press, the EU-Google conflict, and questions about censorship. There are a lot of publications on these topics, but most of them are in English. Unfortunately, it is very difficult to squeeze such a huge amount of information into one small article covering completely different aspects of the reform, each of which deserves separate detailed consideration. Plus, I wanted to avoid evaluative material. If you are interested, the Data Protection tag on the Fondation EurActiv PoliTech website can be a good starting point for getting to know the situation in more detail.
P.S. I want to clarify that I am not a lawyer and am interested in these topics at an amateur level, so do not expect legally impeccable and error-free answers to your questions.