Commission looks to new standards for public sector data


This article is part of our special report Data protection.

The European Commission launched this month a consultation designed to streamline electronic public-sector information amid uncertainty as to how new data protection rules will affect public administrations as well as the private sector.

The consultation, which will run for three months, aims to create consistency in how administrative categories – such as people, vehicles, businesses and locations – are described in member states' government information systems.

The exercise is designed to counteract inconsistencies in the processing of information that can result in a mismatch of data when nationals of one EU country receive services in another.

A new ‘vocabulary’

Currently this mismatch results in data processing problems and the EU executive’s  Interoperability Solutions for European Public Administrations (ISA) programme is developing central “data vocabulary”, with the aim of making it easier to re-use and share information.

The move is seen as the potential genesis of more harmonised online government services, but it comes at a sensitive time as public services prepare for a rigorous new data-protection regime that will affect them as well as private users.

Under the proposed regime, public administrative data – such as criminal investigations – will be subject to special exemptions and be covered by a directive rather than a regulation. This would not be the case with private data.

There are doubts as to how the new system can work since many public administrations access the data of private operators, creating scope for grey areas.

Investigations protected, but up to what point?

The use of data by administrations has long been contentious and lawyers will be scrutinising the new regime carefully to see how bodies such as the Commission itself reserve the right to manage data for use on their own investigations.

The Commission’s competition department, for example, regularly swaps information with its counterparts in the US and Japan in the course of its investigations.

The core vocabulary will provide a model of specific features that could be used to catalogue and describe a person, including the date and place of birth and the gender. It is possible to add more detailed information, such as whether she or he is a voter, an employee, a passenger or a patient. The other two vocabularies describe data entities in the domains of business and geographical location.

The Commission said that the new rules for such information categories would be non-binding, instead they would highlight the issue to encourage more rational systems.

“The horizontal [data protection] regulation for the private sector also covers public authorities except for the police and justice sector and the EU institutions,” said German Green MEP Jan Philipp Albrecht.

“For those [public authorities] we will have a separate directive which has been also presented in the package on the new EU data protection rules. Of course we need to ensure possibilities of law enforcement bodies to do their work while assuring strong data protection safeguards for individuals,” Albrecht said.

“In many ways ordinary public authorities are far behind the private sector in terms of their sophistication in dealing with IT and data processing… it’s hard to separate the public and private sectors completely since where the private sector has databases, governments frequently want access to these,” said Christopher Kuner, a partner with the Hunton & Williams law firm's Brussels office.

Existing European Union rules on data protection were adopted in 1995, when the internet was still in its infancy. In 1993 the internet carried only 1% of all electronic information, while by 2007 the figure was more than 97%, EU data show.

While rising numbers of tailored products and services offer increased benefits for consumers, they also rely enormously on the use of personal data.

Private information can include financial data; details about health conditions or sexual and political orientation; locational data; and online identifiers, such as cookies.

The possibilities for misusing or abusing this information are infinite. And EU citizens are becoming increasingly aware of it. In a recent Eurobarometer poll, 70% of those surveyed were concerned that personal information is used by companies for purposes other than for what it was collected, while 64% feel that information on how data are used is unsatisfactory.

  • 17 February 2012: Consultation on public data vocabularies opened for three months
  • 2012-14: Commission's proposals for data protection reform set to be debated in European Parliament and Council

Subscribe to our newsletters