The boom in internet-connected devices and the concomitant rise in data collection have led to a “legislative drag”, but eventually legislation concerning privacy rights and data protection will become as fully embedded in technology as regulations on safety are in the automotive industry.
That’s the view of two Members of the European Parliament (MEPs) sitting on the Committee on Civil Liberties, Justice and Home Affairs, who were speaking at a discussion on personal data protection hosted by European Parliament Information Office in the UK.
Speaking at the same event, the Information Commissioner’s Office (ICO) warned that data protection authorities are “facing considerable resource challenges” due to the digital boom.
Currently, the European Commission’s Article 29 Data Protection Working Party – set up in 1995 to ensure “the protection of individuals with regard to the processing of personal data” – is advising on an updated policy designed to account for unforeseen advances in technology, such as the public internet, in the years since.
The body has previously warned how the Internet of Things (IoT) will require new forms of consent.
Estonian MEP and vice chair of Group of the Progressive Alliance of Socialists and Democrats, Marju Lauristin, who is leading the drive for the draft directive through the European Parliament, explained why it is required.
“More and more we are deepening our existence in the digital sphere,” she told the audience at Europe House.
“Our main concern and the whole objective of this legislation is to really secure the basic human rights for privacy, the basic human rights to be able to make free choices,” Lauristin – a professor of communications – said. “In this new environment there’s more and more digital to control.”
Timothy Kirkhope (pictured) is Conservative MEP for Yorkshire and Humberside, EU spokesman on Law and Justice and also a member of the Committee on Civil Liberties, Justice and Home Affairs. He agreed that new legislation is required in order to catch up with developments in technology and the sheer amount of data generated by internet-connected devices.
“We are in a very fast-moving world; we have got a situation with data where there is what I would describe as a ‘legislative drag’. Legislation was always going to fall behind,” said Kirkhope, who argued that even after the directive is passed, the European Parliament will need to constantly reevaluate it as technology advances.
“It’s taken years to get through what we’re doing now, and when we’ve done it we’ll have to look at it again. We’ll have to continue,” he said, using the analogy of smartphone software updates.
“Like a smartphone, which is automatically updated remotely, we’re going to have to keep updating our legislation to take into account changes in technology.”
One of the key areas the working party is examining is “the balance between protection and advantage and the question of necessity and proportionality in the collection of data”, Kirkhope explained, stating that it’s important that organisations know what they can and can’t do with personal information and that legislation must take account of the different ways in which data is used.
“There is a difference between companies who collect data for the use of their clients and customers, and those that collect data as a resource in itself, to be traded on the open market. These are very important differentiations and comparisons,” Kirkhope said, before arguing that it’s particularly important that the authorities adopt an ethical approach to data collection.
“When it comes to the question of law enforcement, it’s very important that European citizens have confidence in how data about them that is collected is actually used and protected and what redress they may have in the event of that data being improperly used or applied,” he said.
Lauristin argued that legislation will eventually catch up with the internet in the same way that regulators eventually imposed safety standards on the automobile – an earlier technological advance that was also unforeseen.
“In the beginning, nobody could imagine how much regulation would be involved concerning the standards for the construction of all those vehicles and everything surrounding them,” she said.
While requiring early automobile manufactures to obey safety regulations was undoubtedly at the time seen as “a burden”, Lauristin continued, it would be hard these days to argue that safety standards concerning the manufacture of cars should not be enshrined in law.
“Now we can use a car and be very confident that a very high level of safety and security has been implemented in the product itself. You wouldn’t take a taxi if you weren’t sure that the taxi driver would comply with traffic regulations,” she said.
Lauristin described how the world is approaching a point where consumers expect organisations to comply with certain rules surrounding the use of technology and personal information.
“With this information highway we’re all on, we are approaching the same situation. We as users want to be safe and secure, sure that the people who create the technology, that the people who are using the technology, will comply with these safety standards regulations,” she said.