Search This Blog

Thursday, 26 January 2012

You Want Eggs With Your Privacy Regulation?

Well, the EuroZerozone may be disintegrating, but the European Commission is certainly doing its best to cement over the obvious cracks in the single market fantasy. Now we need more regulation of... privacy.

As with everything else that Brussels churns out, this breakfast had its origins in the primordial soup of the "Social Dialogue" and various talkfests that are helpfully identified by the city in which they were discussed. This time around something seems to have happened in Stockholm in 2009, for example. At any rate, you'll be so impressed by the rich pedigree of the grandly named:
"Proposal for a
on the protection of individuals with regard to the processing of personal data and on
the free movement of such data (General Data Protection Regulation)"

that you'll gratefully submit to the wisdom of our European overlords.

As for me, I just can't wait to roll my sleeves up and get to grips with the detail... the "right to be forgotten", "data portability", "data protection by design and by default", the logging/reporting of personal data security breaches, personal data processing impact assessments, prior consultation and regulatory consent for potentially risky processing; not to mention enhanced internal controls, enforcement and compliance burdens, including the appointment of a data protection officer.

No, really.


Just as soon as I've got my head around the idea that "Consent shall not provide a legal basis for the processing, where there is a significant imbalance between the position of the data subject and the controller" (Article 7(4)).

How can we really be sure there has been consent to anything?