4 June, 2015
Privacy is once again high on the policy agenda on both sides of the Atlantic. A notable Bill (pdf, summary) was introduced by Democrats in the US Congress titled the Consumer Privacy Protection Act, which addresses data breaches and other security aspects of information systems that process considerable amount of personally identifiable information. The Bill would introduce penalties for organisations that do not comply adequately and would pre-empt weaker state laws, to create a federal US baseline for some aspects of consumer privacy.
The European Council has also recently come to some long awaited compromises on aspects such as the ‘one stop shop’ (pdf) and some of the general principles of chapter two (pdf) of the current draft General Data Protection Regulation. These include provisions for “lawful, fair and transparent data processing” as well as clarifying some issues around data processing based on consent. European Commissioner Andrus Ansip has announced that the Commission is keep to start finalising the data protection reform, but added he will be keen to negotiate further on topics such as “ownership, use and reuse of data, management of data flows and so on.”
While the legislative quarrels continue, an interesting proposal has emerged from the academic world. Professor Sarah Spiekermann and Alexander Novotny at the Vienna University Institute for Management Information Systems have published a paper titled “A vision for global privacy bridges: Technical and legal measures for international data markets.” The paper proposes a four-space market model for personal data, which is comprised of Customer Relationship Holders (CR-H), data processing companies that service CR-Hs directly, privacy-friendly customer-controlled data spaces, and safe harbours for anonymised big data.
The vision developed in this paper is ambitious but well thought out, and could provide fuel the on going political processes. If you are lost in the legal terms and definitions used in all these developments, it may be worthwhile reading Prof. Dr. Rolf H. Weber’s (Zurich) recent survey paper of emerging issues and proposed solutions titled “The digital future – A challenge for privacy?” All these developments promise to make the upcoming Amsterdam Privacy Conference a spectacle for debate on the future of data protection law!