Polish officials debate EU's draft data privacy law
With technological progress and globalisation changing the way people access and use personal data, the need for a digital social contract is becoming obvious, according to participants at a recent debate on digital identity held in Warsaw. EurActiv Poland reports.
The conference, organised at the initiative of Michał Boni, Poland’s minister for administration and digitisation, was held on 13 May and featured Viviane Reding, European Commission vice-president in charge of justice, citizenship and fundamental rights as a special guest.
“The European Union is one of the few places in the world where protecting personal data is a legal obligation,” said Reding, whose visit to Warsaw related to ongoing work on the EU personal data protection package.
“Thanks to the new legal form, we will have consistent law in this respect throughout the EU,” she explained, saying this would provide businesses with better legal certainty. Brussels estimates the savings for businesses at around €2.3 billion a year.
Boni concurred, saying he was convinced that any discussion on global digital issues had to be based on the assumption that the right to personal data protection is a fundamental right.
But he also sounded a warning note. “We cannot, though, impose technically and economically infeasible restrictions on business. Rather, we should search for solutions that will not create additional barriers or hinder innovations and competitiveness in business,” Boni said.
Włodzimierz Schmidt, president of the Interactive Advertising Bureau Poland, a trade organisation, observed that despite the assurances from lawmakers, entrepreneurs were still afraid that too rigorous restrictions on the rights of businesses would thwart their activities.
The importance of finding solutions that will protect citizens without obstructing business was also stressed by MEP Rafał Trzaskowski (European People's Party). He emphasised the need to involve every interested party in the debate, including the EU and national lawmakers, entrepreneurs, NGOs and citizens, as well as the Inspectors General for the Protection of Personal Data and the European Data Protection Supervisor, whose job was created in 2009.
Boni pointed out that since institutions were already in place and were working on new regulations, what was of utmost importance now was building a new awareness of security and data protection among businesses and citizens.
“As internet users, we need to understand the context in which we function online. We leave traces, not always consciously. Sometimes we are online with the people we like, because we choose to – but sometimes with those who want to sell things to us,” he said.
Reding reminded the audience that the European Union had a Charter of Fundamental Rights which clearly stated that every EU citizen has a right to the protection of their personal data. She added that the directive on personal data protection had been in place since 1995.
“A lot has changed since then, we now live in a completely new era – the age of the internet and smartphones. We need to adjust existing regulations to the modern reality,” Reding said.
New EU rules adopted by year-end?
With the booming popularity of social websites, debate on the safety of citizens' personal information online has been raging since the turn of the decade.
To address the issue, the European Commission proposed new legislative package in January 2012, which should be adopted by the end of this year and fully implemented before 2016.
But views have diverged across the Atlantic as to how stringent the new rules should be, with America choosing a softer, more business-friendly approach to regulation.
Reding was plain about the differences between the EU and US approaches to personal data protection, saying ”this debate is still ongoing and a compromise is yet to be reached.” She assured the audience that data of European citizens would be protected also if stored on servers outside the EU.
Boni, for his part, stressed that any legislation that comes out of the EU will also carry a global reach and should be crafted carefully in order not to overburden companies with red tape. Trzaskowski too insisted on keeping the debate on personal data protection to the point and avoid creating an impression of menace to companies operating in Europe.
Wojciech Wiewiórowski, Poland’s general data protection inspector, focused on the question of confidence between the citizens disclosing their data on the one hand, and business on the other, and said the latter could potentially strain that relation of trust. He said, however, that “currently we have managed to build such trust in the market”.
Katarzyna Szymielewicz, president of the online privacy NGO Panoptykon Foundation, said she was concerned that the public was showing little interest in data protection issues. She blamed this on the level of detail in the provisions, and the complexity of the matter.
Responding to her; minister Boni suggested that if citizens wanted to be actively involved in the legislative process, now was the time to come up with proposals. “Later on, we will only be able to work on implementing conditions,” he said.
The European Commission published on 25 January 2012 a broad legislative package aimed at safeguarding personal data across the EU.
The legislation is expected to strengthen citizens’ rights and could have a far-reaching impact on the way online data are collected and processed.
A Commission memo describes personal data as "any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address."
- 2014: Target-year to have new data protection legislation adopted